Google refuses to halt privacy policy change

European Union data protection officials have asked Google to halt its implementation of a controversial new privacy policy while its affect on users is examined.

The sweeping changes to rules that Google announced last week give it greater scope to deploy personal information of its hundreds of millions of users across its many services, from search and email to its video site, YouTube, its Android smartphone software, and Google+, its social networking platform.

The Article 29 working group, a group of national officials who advise the EU on data protection issues, has written to Larry Page, Google’s chief executive, questioning the new approach.

“We wish to check the possible consequences for the protection of the personal data of these [EU] citizens in a co-ordinated procedure,” wrote Jacob Kohnstamm, chairman of Article 29, which has clashed with Google and other internet companies several times in recent years.

Mr Kohnstamm said the group had asked the French data protection watchdog, CNIL, to lead the probe.

Google said it would respond to the letter and brief the group on the changes but refused to put the March 1 implementation on hold, saying that “delaying the policy would cause significant confusion” and added that Article 29 has no legal powers to force it to halt the procedure.

“We briefed most of the members of the working party in the weeks leading up to our announcement,” Google said. “None of them expressed substantial concerns at the time, but of course we are happy to speak with any DPA [data protection agency] that has questions.”

Google has warned its users of the changes repeatedly via its website, email and several blogs.

Privacy campaigners in the United States have challenged Google over the changes, amid mounting concern about the search company’s handling of personal information. Its longstanding rival, Microsoft, has even attacked Google’s trustworthiness in newspaper advertisements.

Google representatives were quizzed by a US Congressional committee in Washington on Thursday about the new policy.

Bono Mack, chairman of the Manufacturing and Trade subcommittee, which has responsibility for data protection, was critical of Google, telling reporters after the hearing that the policy was “more complicated”, not simpler as Google has argued, and that she did not think the search company’s responses were “very forthcoming necessarily in what this really means for the safety of our families and our children”.

Google was also attacked by British MPs this week in a privacy committee hearing for what they saw as its failure adequately to remove content from its index that has been ruled illegal in court.

The European Commission last month unveiled proposals for sweeping changes to EU privacy rules, including a new “right to be forgotten”. This would allow users to reclaim any data that they have posted on the internet, notably on social networks.

The proposal, which needs to be approved by EU member states and the European Parliament, would also create a “European Data Protection Board” to replace the Article 29 working party. Though national regulators such as France’s CNIL would be charged with enforcing privacy rules domestically, the new board would co-ordinate complex cross-border cases such as the Google privacy issue.

Viviane Reding, the EU justice commissioner behind the proposals, on Friday called on the data protection authorities to “ensure that EU law is fully complied with in Google’s new privacy policy”.

“It is good to see that the Article 29 Working Party take this matter in hand,” she said.

Ms Reding had originally welcomed Google’s new privacy rules on the day of their release.

“Even before the Commission decided on the new European law, Google made a first step in the direction of new privacy rules. I can only applaud all companies [which] try to move to the right direction.”