Time for action on Google’s privacy policy


In a statement issued today, it was announced six European data protection authorities are to launch coordinated and simultaneous enforcement actions relating to Google’s privacy policy.

We raised concerns at the time about how the “simplified” privacy policy made it possible for Google to combine data from across a whole range of services, without consumers being able to understand what happens to their data or to choose to not share their data in this way.

Google has repeatedly put profit ahead of user privacy and the way that the company ignored concerns from regulators around the world when it changed its privacy policy showed just how little regard it has for the law.

As our research in February found, more than 7 in 10 (71%) of the British public say that privacy and data regulators were right to investigate Google’s privacy policy and how it allows Google to collect and combine data on consumers. A clear majority (66%) of the British public say that national regulators should be doing more to force Google to comply with existing European Directives on privacy and the protection of personal data.

Just because Google is a big business does not put it above the law. The company has ignored the authorities and refused to make any meaningful changes to how it collects sand uses people’s data.

Consumers are increasingly concerned about how their data is being used and it is essential that those breaking the law are properly punished. It is essential regulators find a sanction that is not just a slap on the wrists and will make Google’s think twice before it ignores consumer rights again.

One area of particular concern is the fact that an increasing number of British public sector organisations are using cloud based services, including those provided by Google. We question if, given the clear statement from European data protection reglators, it should be made clear that no British citizens personal information should be uploaded to a Google cloud server. Perhaps such a step would be more effective than a simple financial penalty.

Those who flout the law, and the concerns of regulators, should not be able to carry on doing business without any hindrance. Google ignored warnings about its new privacy policy and kept consumers in the dark about what it meant for their data.

The question is not whether action should be taken, but if the action that will be taken is really enough to force Google to change it’s ways.



  1. Links 3/4/2013: Valve GNU/Linux Distribution | Techrights
    3rd April 2013

    […] Time for action on Google’s privacy policy […]

  2. anon
    3rd April 2013

    It would be so much better if organisations or others had to gain explicit consent for each of the ways that they want to use our data. I do not mean a tick box effort but a method where we would be given a full explanation of each potential use and only if we consent could our data be used. It is so easy for companies like Google to force us into consenting by a tick box or inadequate explanations.

    An equally growing problem is the way that banks and other institutions give an overarching clause in their T&Cs basically saying that they can use our data any way they like provided they claim (even if it is extremely tenuous) that it is for anti-money laundering purposes and so on. This must be the most over-used fraudulent claim ever. If you query this clause watch the blundering and stumbling over words when they try and fail to give an adequate explanation. Merely saying, it is the law doesn’t cut it and the government needs to do something to prevent these laws being used like this. The more we are pinned against the wall and forced to let others have more rights over our data than we have ourselves then Google will simply take advantage of this. No-one looks after your data like you do. Once others have your data it is but a mere click of a key on a computer or mobile phone for it to be shared (with or without your consent). Data protection laws need to be much stricter and adequately enforced.

    • antifalseflag
      22nd August 2013

      they wont ask us for consent because they would never get it. much easier to simply take consent as a given and then offer a very complicated opt out for thoe who ntice the data is being misused for spying or marketing

  3. antifalseflag
    3rd April 2013

    Google permit cyber stalking , vote rigging and impersonation accounts on its YouTube platform. Google also collude with psywar agencies to attack individuals who question western foreign policy and in particular Israels human rights abuses

    • Guest
      3rd April 2013

      Google permit cyber stalking , vote rigging and impersonation accounts on its YouTube platform

      Yet it forces its real name policy for its Google+ service.

      • antifalseflag
        3rd May 2013

        if you have been following recent events you may know that Tamerlan Tsarnaev (21 subscribers , 0 video views !!!!)was SUPPOSED to have had a YouTube channel devoted to terrorism. that is a big lie . the channel was created as part of a frame up. I know this for a fact as the same thing happens to me,

        my YouTube channel is truthseeker9eleven.

        I am heavily targeted by Israeli agents with FULL YOUTUBE support

        • John Name
          3rd May 2013

          Mad tosh.

          • antifalseflag
            28th June 2013

            not mad tosh at all you pathetic cipher. maybe its ad tosh that Google has been caught red handed supplying data to the illegal NSA, what an ASS you are

      • antifalseflag
        28th June 2013

        we have just witnessed a major data dump about Googles policies and collusion with the NSA. in my personal case my channels are subjected to strict politcal censorship from Zionists which include channel removal, video deletion and the loss of my linked email account. Google is evila nd MUST Be stopped

  4. Jon Davies
    3rd April 2013

    It’s mind boggling the data that is being collected on all of us internet users. What particularly concerns me is the linking of data from other sources eg facebook is used for commenting quite frequently now and this ties back to a lot of personal data on friends etc.

    • antifalseflag
      28th June 2013

      i find the number of trackers, scripts and cookies on almost every site an outrage . why must every aspect be monitored

    • Scott Thompson
      16th January 2014

      Google removed the application Device Manager from there Jelly Bean Operating System shortly after rolling it out, may users where oblivious as to why, the real reason was because google had not only designed it as a feature to factory reset the handset if stolen or lost, but it also collected user Data in the back-ground with Google Analytics. Without the end users consent.

      It’s high time that people realised that all this talk of Edward Snowden coming forward warning everybody about how the NSA or national security agency has it’s fingers in everything is absolutely correct.

      For years we’ve all had to sit there and listen to them boast about how they can get into anyone’s computer or phone with the end users pretty much remaining oblivious about how they’re going about those step’s.

      The Security Enhanced context’s being designed into the Android Operating System. Google’s flagship product are in point of fact distributed by the NSA and it’s based on a much earlier model of security they designed called Flask and whilst this is indeed very secure in respect of Mandatory Access Control model’s the gapping stygian black hole in every computer system is of course the Facade that we all know as PKI – or Public Key Infrastructure.

      Every computer system right up from Microsoft Windows all the way to Open Source Linux adopt’s the Model of embracing the Crypto_API or in less geek speak, that is the Cryptographic Application Programming Interface. User’s believe that when they use SSL or secure sockets layer to visit website’s that this keep’s there data safe and out of the hands of the prying eye’s.

      However nothing could be further from the truth, when you the end user use PKI or Public Key Infrastructure, that’s exactly why it’s called Public, because the Private Keys or the Master Key which then decode’s that Data is in the hands of the person who issued that Security Certificate for your device.

      So let’s take a quick glance at who those people are…

      Amonst your security certificates you will find a lot of big names in the information technology world, not least amongst them Microsoft, Symantic Antivirus and of course the Chambers of Commerce.

      So is it really such a surprise to people how it is they’re going about reading everything, every single person on the internet has to say regardless of if they use a secure connection or not. They’ve been doing it for years, they called it Echelon and it’s been around far longer than this project in the Public eye called Prism.

      People should have realised by now, when they’re doing there online banking, there not the only people reading there bank statements!

  5. Time for Action on Google’s privacy policy | University of Wales, Newport: Information Security and Privacy
    4th April 2013

    […] //www.bigbrotherwatch.org.uk/home/2013/04/time-for-action-on-googles-privacy-policy.html#more-5… […]

  6. JohnOnline
    23rd March 2015

    Google has made no secret of its intentions–pop-ups alerting users to the transition can be seen on the home pages of all its services.
    But despite the warnings, you might still be wondering how, exactly, the change will affect you. Is it really as scary as media are warning?