The slow-motion collision of Google and the EU privacy watchdogs has taken most of this year – and it is not over yet, by a long shot.
The new Google privacy policy, which merges all user data into one money-making pot for Google was on the table, and EU privacy bodies warned it would fall foul of regulations. Google went ahead and implemented it, and was duly warned that there could be trouble.
Today, that trouble emerged… and yet, Google is still insisting it won’t have to make any changes to the policy. And we would expect, whatever the changes it does make, it won’t have a huge impact on the company.
All this could have been seen well in advance. Google must converge user data, if it wants to continue making lots of money from the behaviour of its users.
The European watchdogs’ Article 29 working Party gave a clear signal it meant business when it sent the French regulator, CNIL in to do battle.
It could have appointed the Irish regulator – given that Google’s European head office is there, though that is purely to avoid paying taxes.
It could have appointed the UK’s regulator, but the ICO, has a notaby gentle approach to Google. There’s also a bit of a revolving door, as a senior Google privacy executive actually shifted across from the ICO, after the ICO had investigated Google’s notorious WiSpy data collection incident.
“The choice of CNIL to co-ordinate the European DPAs was in itself a sign of things to come,” said Marc Dautlich, head of information law at law firm, Pinsent Masons. “The CNIL is widely considered to take robust positions on privacy matters.”
But now that CNIL has pronounced Google to be a privacy perpetrator, what next? Will we see a sudden change in anything? Well, no.
Firstly, Google doesn’t agree, and has well-paid lawyers who are lining up to explain its side of the argument, putting the case that it is doing just fine over privacy, and only needs to share user data in order to give its users the kind of exciting services they want.
Secondly, even if Google’s objections are ruled out, there’s no unified system for privacy in Europe. CNIL lead the inquiry, but its recommendations will be implemented (or not) by a patchwork of regulators, who all have widely differing powers and attitudes to cases like this.
This judgement is supposed to usher in a new “co-ordinated era” which will apply combined pressure on Google. “The characteristics of the new era are co-ordinated activity by DPAs and early publication of the chargesheet,” said Dautlich. That’s supposed to be more effective than the old order, where individual users ganged up on privacy perpetrators – but I can’t see the new order getting into gear very quickly.
The real Google privacy issues are only just starting too. In the US, the search firm was fined £14 million ($22.5m) for abusing the privacy of users of the Apple Safari browser, and it has faced a stream of objections to its StreetView application.
So Google will see these new orders as just one more front in a privacy battle which it is determined to win, by attrition or any other means – as its users’ data is quite simply its biggest asset.
In the end, Google is likely to triumph. It has the resources to argue the toss for a good long while, and then implement something which meets the minimum requirements of the regulators. And then it will be down to the users to operate in a smart way within what the company sees fit to offer.
At that point, the users come into play, and whatever extra tick-boxes the EU regulators can persuade Google to install, those users will probably just tick them, and give Google the data it wants, rather than face any delay in using Gmail, Youtube, Google Maps or any of its other services.
Big players like Google have the clout to get users to login smoothly and consent to have their data shared. So the EU’s action could, in the end actually benefit the large US players like Facebook and Google, while making life harder for smaller European players.
“The proposed EU Data Protection Regulation, with its stiff requirements in relation to consent (including online) is actually likely, in the digital world, to benefit the larger (almost exclusively US) platform businesses,” said Dautlich. Users will feel that participating in Google and Facebook is essential, but will feel they can make a more “nuanced” decision, tweaking their acceptance – or even rejecting – smaller players which don’t have such a huge share of the online mind.
It’s a depressing thought. No matter how good the EU’s privacy stance against Google, the sheer size of the company may rule against it being really effective.
Are you a Google expert? Take our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…