German Court: Google Privacy Policy Violates Consumer Rights

A German court has ruled that Google’s integrated privacy policy violates its national data protection law, according to a report from IDG news service. Google has had trouble and been criticized in Europe since consolidating its many privacy policies into one in March 2012.

Google has maintained that its unified privacy policy, which allows the company to combine data sets across Google properties, benefits consumers because it’s simpler than having numerous, independent privacy policies. European governments have repeatedly asked for clarifications, additional information and more recently changes from Google.

The conflict has resulted in a kind of stand-off with increasingly bellicose threats from European regulators about action and fines. Now the German court has struck what may be a sweeping blow against Google’s policy and could result in changes and new notification burdens on Google throughout Europe.

The essence of the ruling is that many of the terms in the privacy policy are too ambiguous and don’t provide enough information to consumers about what Google is collecting and how the company is using or intends to use their data.

According to the report the legal case in Germany was brought by the Federation of German Consumer Organizations (VZBV). The organization had complained about 13 specific clauses in Google’s privacy policy, almost all of which were found by the German court to violate that country’s data protection rules.

Google may still appeal the case. But it’s significant because most data protection laws across Europe are fairly consistent. So a violation in one country is likely to be a violation in another.

Apple and Samsung have also been targeted by VZBV. Apple’s policy was also held in violation of German privacy rules.

VZBV is a private organization. Independently France’s National Commission for Computing and Civil Liberties (CNIL) is putting pressure on Google (on behalf of a pan-European effort) to change its privacy policy.

In June, CNIL told Google that it had roughly four months to adopt or address CNIL’s recommendations or face fines and potentially other penalties. Reports indicate that Google has declined to make any substantive changes to date, maintaining that its privacy policy respects European law.

It’s unlikely that Google will prevail on appeal in Germany. CNIL will also probably feel validated or emboldened by the German court ruling.

In the end Google will likely be forced to further clarify how it’s using consumer data and will probably need to make its privacy policy more visible — in the same way European websites are now required to prominently disclose the use of cookies to site visitors.