Monday, April 15, 2013

When will the FTC follow the EU's lead in protecting digital privacy?

Are Google's March 2012 privacy policy changes legal?  This is a question that the European data protection authorities have been working on since Google first announced its intention to change its privacy policies in January 2012.  Soon after the announcement, France asked European data protection authorities to open an inquiry into the matter. In addition, U.S. Representative Edward Markey announced his intention to ask the FTC whether Google's privacy policy changes were also legal in the United States.   

On April 2, 2013, the United Kingdom's Information Commissioner's Office (ICO) stated, "the ICO has launched an investigation into whether Google’s revised March 2012 privacy policy is compliant with the (European) Data Protection Act. The action follows an initial investigation by the French data protection authority CNIL, on behalf of the Article 29 group of which the ICO is a member. Several data protection authorities across Europe are now considering whether the policy is compliant with their own national legislation." 

The ICO's announcement was in conjunction with France's Commission nationale de l’informatique et des libertés (CNIL, France's privacy body) press release that stated on March 19, 2013, "representatives of Google Inc. were invited at their request to meet with the taskforce led by the CNIL and composed of data protection authorities of France, Germany, Italy, the Netherlands, Spain, and the United-Kingdom. Following this meeting, no change (by Google to its Privacy Policy) has been seen."  The CNIL further stated, "[t]he article 29 working party’s analysis is finalized. It is now up to each national data protection authority to carry out further investigations according to the provisions of its national law transposing European legislation."

How will this development affect Google?  It means that French data protection authorities, along with regulators in the UK, Netherlands, Germany, Spain and Italy, may take joint legal action, involving an investigation and possible fines, over Google's privacy policy changes that enable it to combine the data it obtains from users across all of its digital services.  The ICO has the authority to levy fines of up to £500,000 for breaches of the Data Protection Act. The CNIL may fine an entity up to €300,000 (£255,000).  While these fines may not be much of a deterrent to Google and/or other companies to stop allegedly violating European privacy laws, regulators may also sue to block a company from operating in Europe.  If this route is taken against Google and/or others it may harm a company's ability to operate in Europe.

How will the EU's continued privacy law investigations into Google's practices affect Google's users in the United States?  When will the FTC follow the EU's lead and request more information about Google's updated privacy policies?  While it is too soon to speculate on the FTC's next move, it would not surprise me if the FTC eventually investigates Google and/or others who change their privacy policies to better enable the data mining of users' content. 

The EU data protection authorities and the FTC must properly balance the personal privacy rights of citizens with the ability of digital companies to continue to thrive and expand.  Should Apple, Facebook, Google, etc. be allowed to collect, archive, and utilize user data without any limits?  Last December, there was a major outcry when Instagram (Facebook bought it last year for $1 billion) changed its privacy policy so it would be able to better data mine/monetize the personal content of its users.  Only after a very public uproar did Instagram reverse course on most of its proposed privacy policy changes.

What if Instagram followed through with all of its planned privacy policy changes?  Would users have any real recourse against the service absent deleting their account?  Should digital platforms be able to change their privacy policies to enable them to better data mine their users' personal data at any time?  Some digital services/platforms have become so intertwined in our lives (Ex:  Apple, Facebook, Google, etc...) that users may be willing to agree to any updated terms to continue to participate.

The television show South Park had an interesting observation about what happens when a company changes its policies in an episode last year titled the Human Centipad. This episode demonstrated the extreme of what may happen when a company is able to unilaterally change its policies and its users must agree to them to continue to utilize the service.

When Apple, Facebook, Google, etc. update their policies, and these changes appear to erode personal privacy protections and/or enable more data mining that does not appear to be in the best interest of users, should regulatory authorities around the world, including the FTC, stop or modify these changes?  If Google's privacy policy changes are not legal in Europe, should they be legal in the United States?  Should European digital users be afforded greater privacy protections than those in the United States?

To learn more about these issues you may contact me at

Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved. 
