Risk
6/20/2013
02:41 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google Given Three Months To Meet Privacy Law

French data protection agency threatens fines if privacy fixes aren't implemented soon.

France's national data protection agency, CNIL, has given Google three months to alter its privacy policy so that it conforms with French law. If the company fails to do so, CNIL warns that it may impose sanctions.

CNIL objects to Google's privacy policy because, it claims, Google users are not adequately informed how their data will be used and are not given enough control over their data. It also wants to ensure that data isn't held longer than necessary, that data is only combined in a lawful way, and that users provide informed consent when data is collected for analytics.

The agency says its goal is to encourage Google to conform with the law without limiting its ability to innovate.

Google didn't immediately respond to a request for comment.

[ What do you know about NSA's digital dragnet? Read What Prism Knows: 8 Metadata Facts. ]

The agency also says that data protection authorities in Germany, Spain, France, Italy, the Netherlands and the U.K. plan to initiate legal proceedings against Google for privacy law violations in the respective countries.

These European data protection agencies have objected to Google's decision last year to harmonize its privacy policies across some 60 services.

When Google announced its plan to consolidate its privacy policies last year, the Article 29 Working Party, a European Union privacy body that includes CNIL representatives, asked Google to delay implementing the change to ensure there were no misunderstandings about Google's commitment to user privacy. Google refused, noting that it had briefed data protection authorities and provided both conspicuous notice to users of its services and adequate advanced warning of the change.

It also defended the change by pointing out that regulators have been asking for shorter, more comprehensible privacy policies.

Privacy has been something of a quagmire for Google in Europe, ever since the company revealed that its Street View cars, since 2007, had been collecting unprotected Wi-Fi data as they drove around.

Though such wholesale data gathering seems quaint following revelations about the extent of NSA data gathering and of private sector cooperation, it nonetheless continues to dog Google abroad if not in the U.S.

For example, the Article 29 Working Party, along with the privacy commissioners of Canada and Australia, wrote a letter to Google earlier this week seeking details about how Google Glass works, despite the fact that Google's Android-based eyewear is presently only available in the U.S. and has only been distributed to a few thousand people. In terms of privacy, Google's reputation precedes its products, at least among regulators.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
xBaja
50%
50%
xBaja,
User Rank: Apprentice
6/20/2013 | 9:37:24 PM
re: Google Given Three Months To Meet Privacy Law
The small fines will not dent their profits from tracking people, habits and preferences, so they can keep delivering ad content to them. They are also a valuable resource for the government, when they want that information.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5211
Published: 2015-01-27
Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response.

CVE-2014-8154
Published: 2015-01-27
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overf...

CVE-2014-9197
Published: 2015-01-27
The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.

CVE-2014-9198
Published: 2015-01-27
The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session.

CVE-2014-9646
Published: 2015-01-27
Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.