The letter requests a response by February 29. It’s unclear whether a response was provided.
EPIC v. FTC Lawsuit
Five Privacy Organizations Request Congressional Hearing
On February 27, 2012, the Commission Nationale de l’Informatique et des Libertés (CNIL) – an independent commission in the French government charged with “ensuring that information technology remains at the service of citizens, and does not jeopardize human identity or breach human rights, privacy or individual or public liberties” – sent a letter to Google, reporting that it has preliminarily concluded that “Google’s new policy does not meet the requirements of the European Directive on Data Protection (95/46/CE), especially regarding the information provided to data subjects.” (The phrase “data subject” refers to “an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.” Art. 2, Definitions, (a))
The Commission had been asked by the Article 29 Data Protection Working Party of the EU to take the lead on this investigation. (Google’s response to the initial letter from the Article 29 Data Protection Working Party was sent on February 3, 2012, and basically argued that its policies had not changed, but were merely consolidated.)
Earlier, but for similar reasons, on February 23, 2012, the Australian Privacy Commissioner, Timothy Pilgrim wrote to Google on behalf of the Technology Working Group of the Asia Pacific Privacy Authorities expressing concern about the implementation of the new changes. Google responded on February 29.
Here are some samples of articles published in the past few days on this topic:
Google’s Response Thus Far
Google has not posted any response on its press releases page, but that’s not to say that Google hasn’t responded directly to any of these organizations. At some point, I’m sure that Google will make some public statement – in some forum – that will continue to defend its decision to consolidate its privacy policies and the accumulated consumer data into one single data source, probably on the grounds that this is a benefit to consumers because it would allow Google to customize its services to their use.
It appears that the only recourse a consumer has if he or she does not want to participate in the new consolidation of their data currently spread over various Google services is to cancel all Google accounts. It could be very time-consuming to find replacement services (for instance, set up and transition to a new email account, remove YouTube video content and re-post somewhere else that does not require such a broad license to the host, port a blog from Blogger to WordPress (for instance) and publicize the new address). For anyone who uses these services for business or advertising/marketing purposes, the impact in both time and money – and perhaps goodwill developed from a loyal following – could be significant to transition to new providers. As a result, perhaps it’s not really a valid “choice.”