Defending Google’s Privacy Policy

Although European regulators may complain about it, Google’s current privacy policy allows the company to create new products that can determine more information about Google users. This article takes a look at the controversy around Google’s privacy policy.

Problematic Policy

According to Larry Page, Google’s chief executive, “Virtually everything that we want to do, I think, is somewhat at odds with locking down all of your information for uses you haven’t contemplated yet. That’s something I worry about.”

The policy in question was announced in January 2012 and came into effect later in March. For individuals logged into a Google account, the company can use information shared on one service in other Google services. For instance, Google could show people an ad on YouTube, based on what they have searched for in the search engine, or correct the spelling of a friend’s name in a search, from information in their Gmail accounts.

Page defended Google’s policy, saying that recently-released products, such as Android’s Google Now, a personal assistant app, would not be possible without it. For instance, Google Now can send you an alert to let you know when to leave to avoid being late for a meeting, by combining information from your calendar, your phone’s current location and the traffic conditions for your city.

Request to Clarify

On October 16, 27 European data protection agencies requested that Google modify its global privacy policy that governs numerous Google online services – including the flagship search engine, Android mobile phone apps and YouTube videos – so that users have a clearer understanding of what personal data is being collected and can better control how that information is shared with advertisers.

Google is not alone in its practice of collecting personal data from users (e.g. sex, age, internet browsing histories), in order to customize services and sell ads. To keep with European privacy law, the company only collected data when its users “opted in.” Opt-ins were essentially a requirement of each service, and all users had to do was click the “I Agree” button before using a service for the first time.

Since last winter, European privacy regulators have been voicing their discontent about the new procedures, asking Google to delay their introduction. When the company declined, the European Commission asked France’s privacy agency, the Commission Nationale de l’Informatique (CNIL), to take the lead on a legal analysis, which resulted in the October 16 letter to Larry Page.

According to Isabelle Falque-Pierrotin, head of CNIL, “The new privacy policy allows an unprecedented combination of data across different Google services. We are not opposed to this, in principle, but the data could be employed in ways that the user is not aware of.”

Falque-Pierrotin went on to say that she would give Google three to four months to adjust their policy. Should the company refuse, she and other European data protection officials might take legal action or impose fines.

The Response

Of course, the company was quick to defend its privacy policy, refusing changes to its well-known services such as the search engine or the Google+ social networking service. “Our new privacy policy demonstrates our long-standing commitment to protecting our users’ information and creating great products. We are confident that our privacy notices respect European law,” said Peter Fleischer, the global privacy counsel at Google.

In the US, consumer privacy groups decried Google’s new privacy policy when it was announced, and the Electronic Privacy Information Center (EPIC), filed a lawsuit to try to make the Federal Trade Commission block it. However, a judge dismissed the complaint, while the FTC did not disclose whether or not it would be investigating Google’s policy.


This article takes a look at Google’s revised privacy policy, which raised eyebrows when it was first introduced in March 2012. In mid-October, European data protection officials sent the company a letter requesting changes to the policy, which would have far-reaching effects on Google’s many services, including the search engine, Google+ social networking and Android mobile services. The company was quick to defend its policy, refusing to make changes to what it considers its essential services.

CIPP Exam Preparation

In preparation for the Certified Information Privacy Professional/Information Technology (CIPP/IT) exam,  a privacy professional should be comfortable with topics related to this post, including:

  • Methods of data collection (I.B.a.)
  • Consumer privacy concerns (II.A.a.)

Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>