Google Privacy Policy – “in Breach of EU Law”?
Google Privacy Policy – “in Breach of EU Law”?
Author(s): Alicja GniewekSubject(s): ICT Information and Communications Technologies, EU-Legislation
Published by: Masarykova univerzita nakladatelství
Keywords: Cloud Computing; Data Protection; Privacy Policy; Transparency; EU Data Protection Law;
Summary/Abstract: On the 1st of March 2011, one of the biggest service providers in the Internet domain — Google (search engine, web mail, social networking site, Google Aps etc.) — changed its Privacy Policy. Instead of different privacy policies for each service, one single Privacy Policy was adopted for all its services. An information campaign was made in advance: Google gave its users two options — either agree to adopt its new Privacy Policy or cease using Google services altogether. The latter option proved to be quite difficult (but not impossible) to enforce. Google’s near total market domination gave it no incentive or inducement whatever to offer users a third option of selective participation in its services. Google’s new Privacy Policy created a huge outcry across the world, despite a huge information campaign conducted to assuage users’ fears. The policy was scrutinized by data protection authorities throughout the world (French data authority – CNIL on behalf of the European Union; U.S. Attorney General, the Privacy Commissioner of Canada and the Asia Pacific Privacy Authorities). Their privacy concerns (e.g. cross-services information gathering and possible consequences such as profiling, privacy concerns for Android users, ways of informing users and possibility of opt-out) are addressed in this paper. The emphasis is on the European standpoint as it seems to be the most articulated at the moment; this is highlighted by CNIL’s detailed questionnaires on March 16 and March 22. This paper also analyses Google’s policy in the context of transparency and a data subject’s right to be informed. The paper offers the tentative conclusion that Google’s Privacy Policy is in breach of the EU Data Protection Directive (Directive 95/46/EC). The paper finally describes the possibility of massive abuse brought by the new policy. It attempts to show that personal profiling can bring with it such activities as hacking, identity theft and fishing expeditions conducted by law enforcement authorities. It can in turn impact upon freedom of expression.
Journal: Masaryk University Journal of Law and Technology
- Issue Year: 7/2013
- Issue No: 2
- Page Range: 319-346
- Page Count: 28
- Language: English
