Google has rebuffed requests by the European Union privacy body to delay the implementation of changes to the policy due to its concerns.
The Next Steps
At present, it appears that neither side is about to back down. Over the past month, Google has requested to meet with the CNIL, but its offer has not been accepted.
For now, Google maintains that it has provided a policy that meets the Working Party’s recommendations while still providing wide-ranging information to its users.
Its policy follows the guidelines published by the Article 29 Working Party in 2004, Google said.
However, there are still concerns that this is not enough.
The enforcement of EU data protection rules is decentralized, Newman noted, adding that “it’s up to the national data protection authorities to ensure that companies follow the rules. The Commission cannot take action against individual companies.”
Action and Reaction
There is a perception that the EU bodies have been late to respond by waiting until the day the privacy changes go live, Forrester Research analyst Anthony Mullen told the E-Commerce Times.
“The issue with the EU at present is that there are two ‘privacy trains’ running,” he explained. “The first is the EU Cookie Directive, which does not have teeth given it’s a) EU only and willfully ignorant of how data moves between borders on the Web; b) predicated on a specific technology, i.e., cookies; and c) a directive — meaning it’s verging on advice rather than hard-and-fast law. This is why the directive has mostly been ignored by most companies outside of regulated industries. The second train running is the Data Protection Act, which does indeed have teeth but was recently revised in January.”
With respect to data transparency, the Google Dashboard is better than anything in the industry for playing back to customers what data is held about them, Mullen added — Microsoft, Yahoo, and the telecom companies don’t come close to such transparency.
“If Google was a public service, which we sometimes imagine them to be, then the taxpayers would want them to be efficient and to consolidate and remove duplication,” he said.
“Yes, it has a business benefit for Google,” Mullen acknowledged, “but hobbling Google by asking them to run two sets of architectures for their business — old privacy/data management setup and the new one — shows a lack of understanding about how services and technology [are] constructed.”