Who’s your role model for EU privacy notices? The latest Google Undertaking

Susan Foster, Ph.D.
Mintz - Privacy & Cybersecurity Viewpoints
Contact
LinkedIn
Facebook
X
Send
Embed

When small and mid-size companies start expanding their apps or web presence into Europe, they need to start thinking about EU data protection laws.  It’s tempting to take a look at what one or two of the “big guys” do about EU data protection compliance and think that whatever  the big guys do in Europe must be good enough.  But the ongoing saga between Google and the EU’s data protection authorities shows that this approach shouldn’t be adopted uncritically.

In the latest Google EU privacy development, Google has signed an undertaking (binding commitment) with the UK’s data protection office (the ICO) to make a number of changes to its privacy policy.  Google has been in dialogue with EU data protection offices both at the country level and through the Article 29 Working Party since Google adopted a unified privacy policy across its products and businesses in 2012.  While the ICO has recognized that Google has made progress since 2012, the ICO has recently determined that “further improvements” are needed.  Google has agreed to a number of specific requirements, including:

  • Making it easier for users to find information about Google’s privacy policy.
  • Describing its data processing activities more clearly in its privacy policy, including clarifying the types of information that it processes, the purposes, and how users can exercise their rights.
  • Providing “clear, unambiguous and comprehensive information” regarding its data processing,” including an “exhaustive list of the types of data . . . and purposes.”
  • Providing more information about its use of anonymous identifiers (a next-generation tracking/behaviorial profiling technology that’s being developed and may eventually replace cookies).
  • Educating its employees better concerning notice and consent requirements.
  • Making sure that users are equally protected regardless of what device they are using (mobile phones, tablets, desktops, and any new devices that are invented).

Google has committed to putting these changes into effect by June 30, 2015.  In the meantime, Google’s undertaking provides a useful spotlight on the areas of EU data protection compliance that the ICO (and other data protection offices) think require significant attention.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Mintz - Privacy & Cybersecurity Viewpoints | Attorney Advertising

Written by:

Mintz - Privacy & Cybersecurity Viewpoints
Mintz - Privacy & Cybersecurity Viewpoints
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Mintz - Privacy & Cybersecurity Viewpoints on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide