BERLIN — Regulators in Europe, Canada and Asia asked Google on Tuesday to change aspects of its 10-month-old global privacy policy, which combines data on individuals from its range of online services, to better protect personal data. þþThe unusual multilateral request was made by the French regulator, CNIL, the National Commission for Computing and Civil Liberties, at a news conference in Paris. The French agency was asked earlier this year to analyze the legality of Google’s new data policies by the European Commission’s top privacy panel, the Article 29 Working Group. þþThe French agency found several areas where Google’s combination of data from services such as YouTube, its Android mobile operating system and the Google search engine could compromise personal data. Its recommendations were endorsed in a letter sent to Google by Jacob Kohnstamm, the chairman of the Article 29 panel. þþMr. Kohnstamm said by telephone that privacy regulators in all 27 European Union countries, plus Canada and some countries in Asia, had signed the letter, which outlines areas for changes to improve protection of personal data. þþMr. Kohnstamm had asked Google in a letter Feb. 2 to postpone its new privacy policy so European regulators could investigate its effects on privacy. But Google declined. þþ“We are hoping that this time Google will listen to us,” Mr. Kohnstamm said. “We are terribly sorry to the citizens of Europe that this has happened.” þþAsked what regulators would do if Google did not accede and make changes, Mr. Kohnstamm said national regulators probably would take legal action to compel changes. þþ“After all, enforcement is the name of the game,” Mr. Kohnstamm said. þþA Google spokesman said early Tuesday by e-mail that the company declined to comment ahead of the French regulator’s news conference. þþThe search engine giant said in January that its new privacy policy would consolidate information the company had collected on individuals to streamline and unify privacy policies across its business. þþEuropean regulators expressed concern at the time over Google’s decision, and deputized the French regulator to investigate whether personal data was being protected under European law. þþIn a letter sent in February to Google’s co-founder and chief executive, Larry Page, CNIL said Google’s new policy was unclear in how it would handle personal data. þþThe request to Google comes as European antitrust regulators separately are investigating whether Google has used its search engine to favor its own services and through preferential rankings to put competitors at a disadvantage. þþThe U.S. Federal Trade Commission is also preparing a recommendation that will ask the U.S. government to sue Google for its search engine practices. þþIn Europe, Google has been under fire since it admitted in 2010 admitted that it had collected private data on individuals by secretly siphoning unencrypted Internet data that was broadcast from home WiFi routers, as Google cars drove by to take photographs for its Street View online map business. þþGoogle at the time attributed the collection of WiFi data to a programmer’s error, but the computer engineer at the center of the project, who resided in California, has never publicly given his version of events. Last April, the Federal Trade Commission fined Google $25,000 for obstructing its investigation into the incident, although the regulator concluded that Google’s collection of WiFi data, while intentional, was not illegal. þþIn Europe, a criminal and a civil investigation into Google’s WiFi data collection are still open in Germany, although most European countries have since dropped their complaints after Google apologized. In France, CNIL, which was the first European privacy agency to search the technology on Street View cars, fined Google €100,000, or $130,000, in 2011. þþEuropean objections to Google’s new global privacy policies could force the U.S. company to modify its business, at least in Europe, if not around the world, said Ulrich Börger, a privacy lawyer in Hamburg with the U.S. law firm Latham & Watkins. The company uses personal data to better target and calibrate its advertising-driven business. þþ“It really depends on what the European privacy regulators will ask of Google and how painful it is for the company to make those changes,” Mr. Börger said. “Google may decide by itself to do this, or they may have to weigh whether it is something they can do.” þþWhile European regulators are coordinating their investigation into Google’s online privacy policies, enforcement of privacy law in Europe remains a matter for national regulators. In France, the CNIL has the legal ability to fine companies up to €300,000 for privacy breaches. But whether CNIL will levy a fine, and whether other E.U. countries follow suit, remains unclear. þþMr. Kohnstamm said Tuesday it was the first time that European regulators had cooperated at the outset to address a privacy issue affecting all of their countries. þþ“It is the first time we have cooperated in this manner,” Mr. Kohnstamm said. “But the Internet does not recognize any borders and if online companies go global, then data protection agencies have to go global too.” þ
Source: NY Times
