As we reported earlier today, ten days after Google first announced that it was updating its privacy policies and bringing them together under one roof, it was announced that France’s data-protection agency was leading an EU ‘analysis’ into the changes, asking the Internet giant to delay the changes, currently scheduled to take place on March 1, 2012.
“75% of European digital ecosystem is present at #TNW2018”
Are you doing business in Amsterdam in May?
The letter to Google was written by Jacob Kohnstamm, Chairman of the Article 29 Working Party, which constitutes representative from the data protection authority of each EU Member State, the European Data Protection Supervisor and the European Commission.
As we noted earlier today, Google had already confirmed that it wouldn’t delay its policy changes, because this would further confuse its users on the back of what was one of Google’s biggest ever notification campaigns.
However, now Peter Fleischer, Global Privacy Counsel at Google, has given a fairly extensive response to the ‘pause’ request.
The letter starts:
“Thank you for your letter about Google’s plans to update our privacy policies.
Given the misconceptions that have been spread about these changes by some of our competitors, we wanted to take this opportunity to clarify a few points.”
Google goes on to explain that its approach to privacy hasn’t changed, noting that its announcement ten days ago “is a great example of our effort to lead the industry in transparency.”
The letter also reiterates a point previously made that the initiative has heralded “the most extensive user notification effort in Google’s history – including promotions on our homepage, emails to our users, just-in-time notifications, and more – to ensure that our users have many opportunities to learn about these changes.”
The rest of the letter continues to explain the underlying ethos of the changes, namely that users signed into Google Accounts won’t need to sign in to use many of its services including Search, Maps, and YouTube, and Google isn’t collecting any additional data regarding its customers.
Fleischer continues, though, to outline previous communications from the Article 29 Working Party’s, saying:
“Regulators globally have been calling for shorter, simpler privacy policies, and we’ve received good feedback from several agencies since last week’s announcement. For example, the Article 29 Working Party’s 2004 opinion on more Harmonised information Provisions said ‘Simpler notices that facilitate citizen’s awareness could help improve the current levels of understanding of data protection rights and responsibilities.'”
So it seems that Google is damned if it does, and damned if it doesn’t. To further clarify Google’s position, Fleischer adds that the company consulted extensively with the EU previously:
“As you will know, we had extensively pre-briefed data protection authorities across the EU prior to the launch of our notification to users on 24 January 2012. At no stage did any EU regulator suggest that any sort of pause would be appropriate. Since we finished these extensive briefings, We have notified over 350 million Google account holders, as well as providing highly visible notices to all our non-authenticated users. In addition, the policy does not come into effect until 1 March 2012, as we wanted to leave more than adequate time for our users to be able to read and understand the policy before it’s fully implemented”
Indeed, it does seem strange that the EU would request a ‘stay of execution’ from Google launching its new privacy update, given that there was plenty of opportunity for this to happen before it started rolling out its plans. But unless it’s subjected to a sustained and extensive negative PR campaign between now and March 1, it doesn’t look like Google is about to pivot its decision.