Privacy hits the headlines as Google consolidates its privacy policies into one policy

March 2, 2012 - PRLog -- Until now, Google maintained about 70 separate privacy policies across its varied range of products (e.g. Google Search, Groups, Gmail, or YouTube). It has now moved to consolidate these policies into one privacy policy across all products.  It will also consolidate into one database entry all the information it holds across its various products that is tied to a given email address, so that a user’s personal data is no longer compartmentalised according to the particular Google product used.  While this means that Google will not hold any more data about a given user than at present, on the other hand all its products will have access to all the data that Google holds about that user, which was not previously possible.

This development has caused widespread discussion and concern.  In late February, the French data protection regulator CNIL asked Google to delay implementation of the policy to allow more time for CNIL to analyse the implications, since it suspected that the policy may breach the EU Data Protection Directive. However, Google has not delayed the new policy.

Briony Williams, a security consultant at the information security company commissum, comments:  "This development has far-reaching implications, because it changes the rules of the game after the fact.  Users signed up to Google products under the privacy policies in force at the time, and built up their personal Internet presence partly using those products. With the new policy, the rules have been changed.  Users no longer have the fine-grained control over personal data that they had before.  For those who object, the only option is to withdraw completely. If Google were selling consumer goods, this would matter less. But Google's stock-in-trade is actually personal data, which enables it to sell advertising to other companies. This business model makes it all the more important for Google to take seriously the concerns raised by official bodies and users, since at present there is no commercial motivation for Google to restrict its use of personal data. This means that the privacy policy is the user's only protection. Hence the policy needs to be subjected to detailed analysis over a longer period than has been possible so far, which makes it disappointing that Google has allegedly chosen to ignore CNIL's request for a delay."

# # #

About commissum

commissum is a European company specialising in information assurance and security services for business and government. Services include penetration testing, information assurance consultancy, information security auditing, and configuration of systems. Website: http://www.commissum.com