News and Events

Sharing is caring...for Google, but not for Europe

  • Posted

It was reported recently that Twitter was selling-off tweets to marketing companies, and that as of 1 March 2012 Google changed its privacy policy for all of its services (including YouTube, Gmail and Blogger).

In neither case was the user informed of this policy change. This provoked a rather stern response from the CNIL (the French data protection commissioner).

As of 11 October Microsoft has made the same privacy change, although the reaction hasn’t been quite so vitriolic – still it is worth re-iterating the point. Evidently this raises a number of privacy and data protection issues.

Google’s ‘New Terms of Service & Privacy Policy’ has created an open ended sharing allowance for Google, and the same goes for Microsoft. These service policy changes allow for the dissemination of private data across multiple platforms.

Google’s business model – the selling of ads targeted at an individual’s behaviour relies on browsing information from visitors. The new policy agreement prevents users from opting out unless they refrain from using Google entirely.

Users visiting a site which displays one of Google’s “+1″ buttons is recorded and kept for up to 18 months and can be associated with other data from other Google services. Data collected is then associated with a unique identifying number and stored by Google for two years – which can be renewed without consultation. This data is then used as the basis for targeted advertising.

Ultimately, Europe wants Google and Microsoft (and others), to provide users with the option to decide when their data is used for combined services and to give control over that data. The regulators also want to centralise the opt-out and decide which bits of personal data go where. Google and no doubt Microsoft are mulling-over the European proposal.

In the meantime companies who have accrued large banks of users or customers have a limited window from which to commercialise and sell their lists before the European Union data protection regulation applies.