You should always read very carefully the various terms of service associated with the social media networks in which you participate – particularly with respect to ownership of the material that you post and/or share on these sites. In other words, do you know who owns what you post?
The letter requests a response by February 29. It’s unclear whether a response was provided.
EPIC v. FTC Lawsuit
Five Privacy Organizations Request Congressional Hearing
On February 27, 2012, the Commission Nationale de l’Informatique et des Libertés (CNIL) – an independent commission in the French government charged with “ensuring that information technology remains at the service of citizens, and does not jeopardize human identity or breach human rights, privacy or individual or public liberties” – sent a letter to Google, reporting that it has preliminarily concluded that “Google’s new policy does not meet the requirements of the European Directive on Data Protection (95/46/CE), especially regarding the information provided to data subjects.” (The phrase “data subject” refers to “an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.” Art. 2, Definitions, (a))
The Commission had been asked by the Article 29 Data Protection Working Party of the EU to take the lead on this investigation. (Google’s response to the initial letter from the Article 29 Data Protection Working Party was sent on February 3, 2012, and basically argued that its policies had not changed, but were merely consolidated.)
Earlier, but for similar reasons, on February 23, 2012, the Australian Privacy Commissioner, Timothy Pilgrim wrote to Google on behalf of the Technology Working Group of the Asia Pacific Privacy Authorities expressing concern about the implementation of the new changes. Google responded on February 29.
Here are some samples of articles published in the past few days on this topic:
Google’s Response Thus Far
Google has not posted any response on its press releases page, but that’s not to say that Google hasn’t responded directly to any of these organizations. At some point, I’m sure that Google will make some public statement – in some forum – that will continue to defend its decision to consolidate its privacy policies and the accumulated consumer data into one single data source, probably on the grounds that this is a benefit to consumers because it would allow Google to customize its services to their use.
It appears that the only recourse a consumer has if he or she does not want to participate in the new consolidation of their data currently spread over various Google services is to cancel all Google accounts. It could be very time-consuming to find replacement services (for instance, set up and transition to a new email account, remove YouTube video content and re-post somewhere else that does not require such a broad license to the host, port a blog from Blogger to WordPress (for instance) and publicize the new address). For anyone who uses these services for business or advertising/marketing purposes, the impact in both time and money – and perhaps goodwill developed from a loyal following – could be significant to transition to new providers. As a result, perhaps it’s not really a valid “choice.”
Note also that in the Advertising and Privacy section, Google explains, “Ads that appear next to Gmail messages can also be personalized based on emails in your account. Read more about ads in Gmail and your personal data.”
You can also request that content you don’t want to be included in Google’s search engine results be removed. Details are here: http://support.google.com/webmasters/bin/answer.py?hl=en&answer=164734 (Google cautions that these tools should only be used to remove pages urgently – such as if a private credit card number is exposed – where immediate action is required. Google adds that using the tools too liberally within your own web site could cause functionality problems.)
As mentioned above, these new policies go into effect across the board for Google services on March 1, 2012. You have a little time between now and then, and I’d encourage you to read these policies for yourself and determine what pieces (if any) matter to you so that you can make changes or opt out, if necessary to protect your interests.
Within the last few weeks, two major companies have been sued for alleged violations of privacy laws – one filed before the Federal Trade Commission seeking an investigation into Facebook’s privacy settings and the other filed in federal court, styled as a class action against Netflix. (The Netflix suit will be analyzed separately, in Part 2 of this topic.)
On December 17, 2009, privacy advocates filed a complaint with the Federal Trade Commission, requesting that “the FTC open an investigation into Facebook’s revised privacy settings.” In the Matter of Facebook, Inc., Docket Number —- (FTC); see also EPIC’s Press Release, “EPIC Defends Privacy of Facebook Users: Files Complaint with the Federal Trade Commission,” Dec. 17, 2009.
Other Information about Facebook’s Privacy Policies
* EPIC has also developed an “In Re Facebook” page, on which it summarizes all of the actions it has taken to date relating to privacy issues faced by Facebook participants, provides a background to the debate, and chronicles various articles that have been written about the complaint. (Last updated on Dec. 30, although it appears to be kept current, so keep checking back.)
* The Electronic Frontier Foundation (EFF) has also posted (Dec. 21) an interesting article on its Deep Links Blog entitled, “Who Knows Who Your Facebook Friends Are?”, discussing how Facebook’s changes to its privacy policies have exposed users’ list of friends – thus causing real problems for political activists operating under oppressive regimes. Another EFF article worth reviewing in detail is “Facebook’s New Privacy Changes: The Good, The Bad, and The Ugly” (Dec. 9).
* The New York Times’s Brad Stone blogged about the lawsuit in an article entitled “Privacy Group Files Complaint on Facebook Changes,” (Dec. 17) which has been updated to include Facebook’s response to the Complaint. The response notes that Facebook “discussed” the revisions to its privacy policies with regulators, including the FTC.