Under the new policies, announced by Google last week, the Internet giant would combine data from different services that it had kept separate in the past.

“Google is making a huge change that weakens your privacy protection,” said John M. Simpson, Director of Consumer Watchdog’s Privacy Project. “I am glad the Europeans have taken the lead on this, but now it’s imperative that the FTC determine if Google has violated its consent agreement.  I think they have.   Google is using your data in a new way and not making the change on an opt-in basis as the consent agreement requires.”

Jacob Kohnstamm, chairman of the Article 29 Working Party, an association of the data commissioners from the European Union, wrote Google CEO Larry Page seeking the delay in implementing the policies, due to go into effect March 1.

“Given the wide range of services you offer, and popularity of these services, changes in your privacy policy may affect many citizens in most or all of the EU member states,” wrote Kohnstamm. “We wish to check the possible consequences for the protection of the personal data of these citizens in a coordinated procedure.”

He said the French data protection authority, the CNIL, would take the lead in the analysis.

Click here to read his letter.

Google’s consent agreement with the FTC came as a result of the “Buzz” debacle in which the Internet giant displayed users email addresses without their consent as it tried to launch a social network. Under the terms of the agreement, Google can’t use data it has collected in new ways unless users opt in to the new use.

Click here to read the consent agreement.

- 30-

Consumer Watchdog is a non-partisan U.S. public interest organization with offices in California and Washington, D.C.  For more information, visit us on the web at http://www.ConsumerWatchdog.org

A change to the 1988 Video Privacy Protection Act (VPPA) recently sailed through the House of Representatives without a hitch. The bill would allow a provider of rental DVDs or videos to get consent to share their customers’ title selections, as long as users were provided with an opportunity to withdraw that consent.

That smooth ride ended in the Senate Judiciary Subcommittee on Privacy, Technology and the Law, when opponents of the measure took the opportunity to grill Netflix (Nasdaq: NFLX), which has been pushing hard for the change.

At face value, the measure seems harmless enough. The VPPA was passed after the titles of Supreme Court Justice candidate Robert Bork’s video rentals were published in a newspaper article. Outraged, Congress passed what was for then — and now — a fairly airtight law: A provider cannot publicize or otherwise share video-watching habits of its customers without express written permission.

Netflix would like to see an exception carved out. It wants to be able to automatically share the titles of customers’ video rentals after securing their permission just once, and continue to do so indefinitely unless and until that permission is revoked. The law would allow Netflix and other providers to share movie titles not only with social-media outlets such as Facebook, but also with third-party partners.

Privacy advocates hate the proposal.

“It is a horrible idea,” Consumer Watchdog’s John M. Simpson told TechNewsWorld.

Netflix’s Argument

Video rental providers like Netflix are operating at a disadvantage compared to providers of books or music, many of which egg on their customers to help promote their products by sharing what they have read and listened to on Facebook. Such word-of-mouth marketing is the heart of social commerce.

Not surprisingly, providers of video services want in.

However, critics of the measure argue that amending the VPPA would erode one of the few strong consumer privacy measures to come out of Washington.

“This law provides fairly good protection, and for once it has carried over into the digital realm,” Simpson said.

There are other reasons privacy advocates dislike the measure — reasons that its proponents haven’t highlighted. For instance, the amendment would allow video providers to share data with third-party partners, not just social networks. It is easy to image the implications for targeted advertising — someone who rents a “learn to ski” instructional video could expect to be targeted with ads from ski resorts and sports equipment retailers, for example.

Why Not Ask Every Time?

Senators at the hearing wondered why Netflix couldn’t offer consumers the option of asking if they wanted to share their video selections each time they rented or streamed a flick. Certainly, many customers have rented video titles they would prefer not to share. Critics suggested that Netflix was more interested in making money from customer data than in protecting its clients.

“Prudence in the protection of privacy ought to be the thing that guides us,” said Sen. Tom Coburn, R-Okla. “The question is, should we err on the side of privacy or err on the side of commerce?”

Given the objections voiced in the hearing, this bill will not have an easy time becoming a law, suggested Torin A. Dorros, partner with Michelman & Robinson.

It is possible it could if the consent were clear cut and opt-in — that is, made in such a manner that the consumer couldn’t easily miss it or mistake it for something else.

“How the permission request is written and how the consumer is given a choice — opt in or opt out — will have a lot to do with whether it gets passed,” he predicted.

“Your investigation into Google’s practices that affect millions of Americans should be public,” John M. Simpson, director of Consumer Watchdog’s privacy project, wrote in this letter to Mack. “There is a substantial irony in a secret briefing from a company that claims its mission is to organize the world’s information and make it more accessible.”

Mack intends to follow through with the secret briefing, says her senior adviser Ken Johnson.

“These types of informational briefings are routinely held for members and staff only,” Johnson says. “It gives us an opportunity to collect information, ask tough questions and determine whether a hearing or investigation is warranted.”

Google announced last week that it will consolidate dozens of user agreements for its most popular services into one privacy agreement encompassing them all. Starting March 1, the company will have the ability, policywise, to correlate what a user does across most of its online services, whether a user accesses them on PC Web browser or via any Internet-connected mobile device using the Google Android operating system.

Johnson noted that Mack plans to “aggressively question Google” about its “lack of an opt-out provision” for consumers under its new users’ policy.

Google asserts that users will maintain “choice and control,” that Google is not collecting any more data than it already does and that its intent is to improve user experience.

Critics in Europe and the U.S. worry that consumers won’t have meaningful control over personal information collected and archived by Google as part of its popular Internet-based services, including search, Gmail, Google Apps, YouTube and Picasa.

“Google collected the information under one set of rules and is now changing the game without giving people an opportunity to opt out,” says Simpson. “Allowing Google to give secret briefings does not serve the committee nor the public interest. One can only wonder what Google has to hide.”

In Europe, Norwegian public sector agencies will be banned from using Google Apps due to concerns that the service could put citizens’ personal data at risk, according to the Financial Times. Europeans are particularly concerned about provisions in the Patriot Act, which requires U.S. companies to disclose data to U.S. authorities, when asked.

Last year the town of Odense in Denmark banned use of Google Apps in its schools due to concerns about leaving personal data at risk. The German government is working on stricter data protection rules and France is pursuing a venture to promote French cloud services over U.S. rivals, the Financial Times reports.

Those three words have long served as Google’s unofficial mission statement — a message to doubters that even a megacorporation with absolute market dominance can still be an exemplar of benevolent capitalism. But last week, when the search engine giant announced updates to its privacy policies and terms of service, the blogosphere erupted with fears that Google had finally gone Big Brother on us. Why? Right now, data collected from Google account members by each of its subsidiary products (Google Search, Gmail, Contacts, Calendar, YouTube, etc.) is compartmentalized: Even though you log in to each service with the same account, the data is collected separately. But under the terms of the new privacy policy that goes into effect March 1, all members’ personal data is aggregated across those products, creating one mega-profile across the entire Google brand, and not everyone is convinced that Google’s motivation is as pure and squeaky-clean as its stated goal of creating a “beautifully simple, intuitive” user experience.

“There’s a rather reflexive panic-mongering that happens around a) privacy, and b) the net, and c) Google,” says media commentator and What Would Google Do? author Jeff Jarvis of the backlash the company received last week to news of the change.

EW dug into the new privacy guidelines to determine what’s changing, what’s staying the same, and what you can do, if necessary, to protect yourself and your information. Here’s what we found out:

What to expect if you have a Google account

Google’s subsidiary products have always collected data from Google account members based on information they input, search queries they run, pages they visited, etc. On one hand, privacy advocates actually could take heart, because the new policy shows a movement by Google toward transparency and simplicity regarding its use of user data. It essentially condenses 70 separate policies — one for each subsidiary Google product, like YouTube or Gmail — into a single company-wide master policy. “There’s nothing new about Google sharing data within the company,” says Jarvis, who also founded Entertainment Weekly in 1990. “That has been its policy. Google has now simplified and clarified its policies by bringing them together and standardizing how they operate.”

The concern, however, is due to the fact that each Google product will now share that information with the other Google products, creating a detailed profile of each user based on the personal information gleaned from use of those products. So if you’re logged in and run a Google Search for Lady Gaga, the next time you visit YouTube you may find Lady Gaga music videos or TV appearances suggested for you, even though you haven’t previously searched for her on YouTube itself. Or, say you’re thinking about buying a new car and have been running a Google Product Search. Google will remember your search history, so the next time you type in “Jaguar,” the car company will pop up first, not a Wikipedia entry on a big cat. The only products to still have separate privacy policies? Google Wallet and Google Books, which will not share data with other company services. Nor will the Google Chrome browser.

It’s the advertising, stupid

The enhanced ability to create a personalized profile does potentially create a more convenient and personalized experience with Google products. “This really is a positive thing,” Craigslist founder Craig Newmark tells EW. “It makes it easier for them to serve people better.”

But some experts say that Google is doing this, in part anyway, to further monetize its users. “People need to understand that when you’re not paying for something on the Internet, you yourself are the product,” says new-media scholar Dan Gillmor.

Consumer Watchdog’s John Simpson points out that personalized advertisements targeted directly to a specific user, based on user-collected information, can be “a substantial amount” more lucrative than just an anonymous ad. And with all the information Google can collect about your interests from your searches, your Google Docs, and your favorite YouTube videos, they can figure out pretty specifically what ads they should show you. “They are positioning this as streamlining privacy,” Simpson says. “But that’s just PR. It’s all about better targeting for advertisers.”

How do you opt out?

There’s only one way to opt out: Close your account and take your data elsewhere. Google is not allowing its account holders to opt in or opt out of the new data-sharing policy. Though some of the experts we spoke to found that potentially problematic, a representative for Google tells EW that the lack of an opt-in is pretty standard in this situation. “The way this works is that if you use the service, you implicitly agree to the terms of service,” says the rep, who wished to remain anonymous. “If iTunes pops up with an update, you have to agree to those terms of service. How do you go about opting out of their terms of service while continuing to use iTunes? You can’t.”

Actually, there are other ways to semi opt out. You can use different browsers when using different services: Google products only communicate with one another if they have the same default browser. Or simply log out of your account. Installing cookie-blocking and ad-blocking software can stymie part of Google’s data collection as well.

When it comes to sharing your information with third-party advertisers, Google does in fact allow you to opt out. Its Ads Preferences Manager keeps a record of the different ad categories into which you’ve been placed, based on your Google account history — and even your logged-out browser history, in general — allowing you to opt out or suggest different ad categories into which you could be placed.

And Google says it’s still very committed to the idea of “data liberation.” That is, if you do wish to close your account at any time, you can easily export all of your data to one of Google’s competitors. “There’s clearly a group of people inside the company who are major advocates for data liberation,” Gillmor says. “I still believe that they mean it when they say, ‘Don’t be evil.’”

You can keep track of how Google’s keeping track of you

Log in to Google Dashboard and you can find out exactly what data Google has about you across all its services. For you Android handset owners, there’s even an Android section that allows you to see what information Google has collected about you via your smartphone or tablet.

Speaking of Android, there’s really no way to opt out of these privacy changes on my Android phone, right?

Yeah, pretty much. “This is holding Android OS users hostage,” says Simpson. The problem is that Android phones typically require apps that demand you be logged in to your Google account in order to function. Most Android phone users automatically employ Gmail, Contacts, or Calendar, so your device ID, your phone number, the date it was registered, and even the location of the device at any given moment can be associated with your Google account. Jarvis says, “I do believe there are benefits that come to users: When you ask for pizza on your Android phone, it’s only helpful that Google knows where you are so it can tell you where the nearest pizza is rather than giving you a Wikipedia history of the pie.”

But if this still makes you uncomfortable, there’s yet another way around it. Back up the files on your phone, then perform a factory data reset. That will dump all of your settings, data, and apps. Then you’ll just avoid signing in with your Google account and download a non-Google app store. You can disable Google’s location service, set another default search engine, add a mail client from a non-Google vendor, load the settings and profile data Google has allowed you to export into your new apps, and you’ve been well and truly de-Googled.

Sure, nothing will change if you don’t have a Google account. But Google still knows a lot about you.

That’s right. If you don’t have a Google account, these changes in their Terms of Service won’t affect you at all. But you may want to know a little bit more about what information Google can still collect from you, even without being logged into an account. When doing a standard Google Search, the company receives anonymous information such as search queries, and the IP address of where the search query came from, that’s kept in logs for a limited amount of time. As Google’s representative told EW, “We basically know what people have searched on Google so we can build products like Google Trends that follow the history of searches.”

When you run a Google Search, it installs cookies into your browser that sets the language you searched in, the Google domain you searched in, and keeps track of what websites you visit to personalize advertisements for you. Yes, even if you don’t have an account at all, Google can still collect enough data about you from your searches to determine your age, gender, location, and ad categories into which you should be placed. Again, you can opt out of this by visiting Google’s Ads Preferences Manager. But quite frankly, most people who aren’t Google account members never even think that they have the ability to opt out — or even know whether information is being collected about them in the first place.

Don’t worry, your Gmail is safe. For now, anyway.

One worry is that, with all of Google’s new data sharing, the company may even scan the contents of e-mails received via Gmail to learn more about you for advertiser targeting. “That’s definitely a possibility,” the Google rep tells EW. “But we haven’t done that yet. If we were to do that, we would announce it and offer you the transparency and choice we give you for all of our advertising products. But we think something like that would be a really good user experience.” The idea being that, to take the Jaguar example again, you receive a lot of e-mails from car companies, so the next time you type in “Jaguar” to Google Search, the car company will pop up first. It seems pretty obvious, though, that most people wouldn’t be willing to trade the privacy of their own e-mails for slightly increased search engine efficiency. “If I found out a company was doing that I would switch e-mail providers in a microsecond,” says Gillmor, the new-media scholar.

In conclusion

These new terms of service follow the social contract of the Internet era: You pay to use Google’s services, not with money but with your very identity. If you don’t want to pay, then you won’t receive Google’s services. By highlighting the transparency of their data-sharing process, Google seems to be giving itself license to learn more about you and make more money off of you, however indirectly.

His track record has shown that CEO Larry Page is responsible enough to effectively implement these policies without causing any particular harm to Google users. “I don’t think the policy is necessarily worse in any single respect,” says Gillmor. “But it nevertheless feels like a big step toward a single enterprise knowing an incredible amount about its users. That always carries risks.” Indeed. Page has agreed to lead the company only through 2024, and there’s nothing to prevent whoever succeeds him from using all of your information with more mercenary intentions. Something to think about when cultivating your virtual identity via Google.

Are you concerned by the new Terms of Service? And, if so, what kind of action have you taken?

In a letter to Rep. Mary Bono Mack, (R-CA) Chairman of the House Commerce, Manufacturing and Trade Subcommittee, and G.K. Butterfield (D-NC) Ranking Member, Consumer Watchdog commended the committee for seeking an explanation of the change, but said the briefing should be public.

Read the letter here: http://www.consumerwatchdog.org/resources/ltrbonomack020112.pdf

“Your investigation into Google’s practices that affect millions of Americans should be public,” wrote John M. Simpson, Director of Consumer Watchdog’s Privacy Project.  “There is a substantial irony in a secret briefing from a company that claims its mission is to organize the world’s information and make it more accessible.  Once again Google’s executives demonstrate their hypocrisy: they want everyone else’s information public, but want to keep information about them behind closed doors.”

Google Deputy General Counsel Mike Yang and Public Policy Director Pablo Chavez are scheduled to brief the Committee on Thursday.

Google has tried to justify the policy changes as giving users a better experience, Consumer Watchdog said. In fact it is all about leveraging users’ data to maximize Google’s revenues, while giving consumers no meaningful control of their information, the nonprofit, nonpartisan group said.   Google collected the information under one set of rules and is now changing the game without giving people an opportunity to opt out.

“Allowing Google to give secret briefings does not serve the committee nor the public interest.  We urge you to question Mr. Yang and Mr. Chavez in public.  If they decline, one can only wonder what Google has to hide,” wrote Simpson.

- 30 -

Visit our website at: http://www.ConsumerWatchdog.org

“There are certainly some questions that we hope investors will ask,” said Meg Roggensack, a senior adviser with Human Rights First, a nonprofit calling on Facebook to address how it will deal with user privacy under repressive regimes, as well as other human rights issues.

With its IPO coming in at $5 billion, Facebook is poised for major growth, which “inevitably invites questions about where it will invest,” Roggensack said. How the social network chooses to deal with restrictive governments or how it handles privacy issues going forward could anger users, some of whom have orchestrated boycotts in the past, albeit with limited success. Less user engagement means fewer ads served; fewer ads affects the bottom line.

“If you do something and your stock goes down, you get some really irate people,” said longtime industry-watcher Jack Gold, who has worked with companies that have gone public. Facebook settled with the Federal Trade Commission in November, agreeing to 20 years of privacy audits and other conditions, after the agency charged that the network repeatedly allowed information to be shared, sometimes with third parties, and made public despite promises to the contrary.

Users, too, have taken issue with Facebook’s privacy settings in the past, but with limited success. In 2010, a group dissatisfied with Facebook’s privacy settings organized Quit Facebook Day. Nearly 40,000 people signed up, roughly 0.005 percent of the site’s current 800 million users.

“It’s hard to predict exactly what sort of gaffe they’ll do next, but it would not surprise me if there is yet another one,” said John Simpson, director of Consumer Watchdog’s Privacy Project, noting some concerns over Facebook’s recent expansion of its Timeline feature, which makes it easier to visualize, share, and view users’ profile history.

The company’s post-IPO expansion also raises privacy concerns abroad, Roggensack said. Her organization wants Facebook to clarify how it plans to respond to foreign governments’ requests for user data or censorship.

In its filing, Facebook said it does not know if it will be able to find an approach to managing its content in China, for instance, that will be acceptable to both the company and the government. “It is also possible that governments of one or more other countries may seek to censor content available on our website, restrict access, block our website, or impose other restrictions that may affect the accessibility of Facebook for an extended period of time or indefinitely,” the company said in its Securities and Exchange Commission filing.

While bad publicity can certainly hurt the bottom line, investor interest may not always align with critics’ goals. In early 2010, Google decided it would no longer censor its search results in China, largely at the behest of cofounder Sergey Brin. Analysts have debated the impact, but Google’s share of the Chinese search market is now nearly half of where it was at the end of 2009, just before the decision. And, after months of resisting, Blackberry-maker Research in Motion capitulated in October to India’s demands that it open its networks there to government surveillance.

Still, a silent few investors can wield some power, said Consumer Watchdog’s Simpson. Because of laws governing public companies, he has been able to use his two shares of Google stock to attend and ask questions at shareholder meetings over the last two years. “That can sometimes be a useful vehicle for raising a point with them,” he said.

Even if investors and critics were aligned, however, it’s not likely that Facebook will make a major misstep and give them reason to act, some consumer advocates said. “If they did something outlandish—misleading some way or another—in their proxy statements or in the initial public offering, there is the potential to take that to the SEC,” Simpson said. But, he added, “I think they would have had things fairly closely vetted.”

There may be no reason to expect any hiccups as the company goes public, but ultimately its IPO may encourage the company to be more cautious generally, Gold said. “It’s part of the maturing process of companies and I think that’s a good thing.”

Facebook has earned poor marks from privacy advocates for years, but their occasional bursts of indignation haven’t seemed to filter down to the general membership. That could be changing, though. When Facebook goes public, there will be more pressure than ever to bring in advertising dollars, and that usually means exploiting user data. That trickle of users migrating to Google+ and Twitter may soon become droves.

Zero hour is approaching as the certainty grows that Facebook will be filing for its initial public offering this week. Zero hour for excited investors and Wall Street banks — and zero hour for privacy advocates, who see a public Facebook as a very dangerous Facebook, at least as far as privacy is concerned.

Even as a private company, Facebook had no problem pushing the envelope, Consumer Watchdog spokesperson Carmen Balber told the E-Commerce Times. “Facebook is already treading dangerous waters as far as privacy rights are concerned. The pressure to monetize consumers’ user data will be greater when there are shareholders to satisfy.”

In general, Wall Street views consumer data — especially the rich treasure trove that exists in Facebook’s servers — as extremely valuable, she said. A case could easily be made that Facebook would be remiss in serving its shareholders if it didn’t maximize this information.

As for the privacy agreement Facebook and the Federal Trade Commission inked last year, Balber said it wouldn’t be enough to protect consumers, especially from a public Facebook. “It was a good start but it was only that — a good start. We always viewed it as something to be expanded further.”

Forcing Timeline on Users

It could be that Facebook’s zeal to maximize customer data will backfire on it when it becomes a public company, Wojtek Zarzycki, chief investment officer and managing director with Toronto-based Optimal Investing, told the E-Commerce Times.

One can already see that happening with Timeline right now, he added.

“From an investment point of view, we see Facebook’s decision to force the new Timeline layout on their users as a negative,” Zarzycki said. “The lack of discernment by the company to launch this product upon its users, who value choice and the freedom to choose, makes us question the management’s direction as the IPO nears.”

In general, Zarzycki said, the company is very bullish on the IPO as it comes to market. However, “this change of direction by management has raised very valid questions and doubts about the company’s ability to adapt as it becomes a public company.”

Also, any future decisions by Facebook to monetize user data will be made public, he pointed out. “Their actions and missteps will become more vocalized as they have to answer to their shareholders.”

The Threat of a Modest Google+

Then there is Google (Nasdaq: GOOG) and its Google+ network lurking in the background, added Zarzycki.

“As the proliferation of Android phones and tablets continues throughout the American market and the world, the availability of Google+ at these users’ fingertips will only accelerate the rate of increase of this social platform,” he predicted.

“Google is listening to the complaints that users have about Facebook’s lack of privacy,” Zarzycki said, “and this latest move will make them want to widen the differentials between the two platforms. ”

Other Competitors

As Google+ and other platforms offer a viable alternative, users will start to shun Facebook, said Mario Almonte, managing partner at Herman & Almonte PR, in large part because of its approach to privacy.

“Much like a long-suffering wife, Facebook users have been putting up with the abuse of their confidence and trust for many years — for the simple reason that there didn’t seem to be a better place to go,” he told the E-Commerce Times. “But now those alternatives exist, with sites like Google+ offering a friendly and familiar interface, and Twitter maturing into a more acceptable and convenient form of social communication.”

Twitter is an especially sexy alternative, noted Almonte, because of its celebrity-rich membership.

Facebook has been surprisingly quiet about the latest firestorm over its no-opt Timeline, he observed. “Regardless of their decision — whether they back off or implement it — there are strong indications that the damage is done, and they can expect to find an empty house one day. Users can take only so much abuse before they abandon them for good.”

Or maybe not. Google, Microsoft (Nasdaq: MSFT), and many others will have to respond to the changes Facebook makes that affect advertising, Eloqua Chief Privacy and Security Officer Dennis Dayman told the E-Commerce Times.

“As I see this now,” he said, “maybe this is why Google changed its privacy policy to allow for easier ability to share their demographic data between their product lines.”

Facebook did not respond to our request to comment for this story.

Both privacy advocates and representatives of businesses that handle consumer data are flocking to Brussels. Why? The EU has proposed a strict set of new data privacy rules that would restrict companies such as Facebook even more than they currently do.

Facebook, et al., have descended on the city in the hope of softening some of the restrictions, while privacy advocates such as John M. Simpson, the Privacy Project director at Consumer Watchdog, are there to keep the EU on its intended path.

“This is the battleground right now,” Simpson told the E-Commerce Times. “In this global, digital, highly interconnected world, it quickly becomes the case that companies want harmony in their standards. So, if the Europeans continue to their stand for basic human privacy rights, that will set a standard that will go worldwide and have tremendous benefits for the U.S. consumer.”

The Onus on Business

Businesses, not surprisingly, might not agree with Simpson’s characterization. As currently proposed, the law comes with significant financial penalties for infractions — 2 percent of a company’s annual turnover.

If approved by all 27 EU member states and the Parliament, the proposal could become a directive by the end of next year.

Essentially, the proposal, presented by EU Justice Commissioner Viviane Reding, calls for a single set of data protection rules that would eliminate unnecessary administrative requirements, such as notification requirements for companies.

Instead of companies having to notify data protection supervisors about their activities, they would only have to deal with a single national data protection authority in the EU where they had their main operations.

That is the good news for companies. The proposed directive would also come with very rigorous protections for consumers — chief among them a so-called “right to be forgotten.” In short, it would give consumers the right to have their data deleted from any record if there were no legitimate grounds for retaining it.

A Novel Approach

The “right to be forgotten” is a novel approach to privacy, Simpson said — and one that he believes has become essential in a digital environment. “In the old bricks-and-mortar world, these things took care of themselves. Now it is important for people to be able to have information deleted that no longer accurately represents who they are.”

There are other protections as well, he noted. The proposed law also calls for explicit consent to be monitored or tracked.

“A company cannot assume that just because someone signed up for something on a website, that means they are willing to be tracked forevermore from that point,” noted Simpson.

Reduced Administrative Burden

From the business perspective, there are some benefits to the proposed directive, Jim Halpert, a partner at DLA Piper, told the E-Commerce Times.

“It reduces the bureaucracy — the paperwork a company has to deal with under the current system,” he said.

Also, European data protection laws currently are not harmonized, which can be very cumbersome as well, noted Halpert. “Having one set of rules that would apply to much of the activities that businesses engage in would obviously be a help.”

That said, there is a significant downside as well, especially for e-commerce companies, he pointed out.

Any company that sells anything to an EU citizen — even if that firm doesn’t have a presence in Europe — would be subject to the directive, Halpert said. “How the European Union would enforce that is unclear — but for related businesses, this creates uncertainty.”

The rules would impose rigorous data minimization requirements that many firms would find burdensome, he noted. There is a “privacy by design” mandate in the proposed directive, which means tech vendors would have to bake into their products compliance with the data minimization rules.

Headed for Final Approval?

Of course, it may very well be that the final regulation will look different from the proposed version — perhaps a lot different, if critics have their way.

“The commission is under some extreme pressure to protect citizens’ information, with all the data breaches we have seen over the past two years,” Eloqua Chief Privacy and Security Officer Dennis Dayman told the E-Commerce Times.

Typically what happens is that with the first draft of any legislation the consumer is heavily favored, he said. “Remember, these are proposals and not a directive yet. So there is much to be discussed on the impact these regulations will have.”

Google will consolidate about 60 of its privacy policies across its products in March, creating one overarching policy and leaving only about another 10 unchanged for legal and other reasons.

The company is also changing its terms of service (TOS). It may combine information on Google account holders across all the company’s services the account holder uses.

This will provide a simpler, more intuitive Google experience and also let the company serve users better, it claims.

The announcement of the changes sparked concern among privacy watchdogs both in the United States and the European Union.

“Consumers’ online privacy is being eroded,” growled John Simpson, a consumer advocate at Consumer Watchdog.

“Google finally stopped pretending it’s concerned about protecting privacy,” stated Jeffrey Chester, asserted executive director of the Center for Digital Democracy. “Winning its battle against Facebook to remain king of the Web requires it to escalate the digital arms race.”

The Office of the Data Protection Commissioner in Ireland will “be further assessing the implications of the changes,” organization spokesperson Ciara O’Sullivan told TechNewsWorld.

You Gotta Serve Somebody

Google justifies its privacy policy consolidation by saying regulators are calling for shorter, simpler privacy policies, and having one policy covering several products is fairly standard practice across the Internet.

Consolidating all information about a user across all Google’s services will improve search, help Google provide more relevant ads, and in general let Google serve consumers better, the company contends.

“This is typical Google bluster and bafflegab,” Consumer Watchdog’s Simpson told TechNewsWorld. “It’s all about maximizing the way they see the data they have amassed.”

Did We Get Served?

The Internet giant’s moves have little to do with improved service, the CDD’s Chester contends.

“To stoke ad revenues, Google must pull together its vast storehouse of user information, combining all the data it holds on every single user,” Chester told TechNewsWorld. “Its DoubleClick Ad exchange depends on profiting from the sales of richer profiles.”

That data consolidation could also imperil users’ security because “if there’s a breach, the hacker can get all the data in [what amounts to] one-stop shopping,” Consumer Watchdog’s Simpson suggested.

On the other hand, Google already lists a considerable amount of data about a user in Google Dashboard.

Running Like the Wind

Users can opt out of ads even when the new consolidated user profiles kick in.

They can install the Google advertising cookie opt-out plugin in their browsers. Or they can visit Google’s Ads Preferences Manager to select the ads they want to see served up.

However, “Google’s Ads Preferences Manager is a PR stunt,” Consumer Watchdog’s Simpson declared. “It stops the serving of behavioral ads, not the gathering of data. We need a strict do-not-track mechanism that prevents the collection of data when enabled, with serious consequences if the user’s wishes are violated.”

There’s apparently a user backlash going on against Google’s planned changes. An informal Washington Post poll on Wednesday found that 66 percent of the roughly 13,500 readers who responded said they’d cancel their Google accounts because of the new policies.

Show Me the Money

Google might be looking for anything that could help it improve ad sales.

The company missed both its revenue and earnings targets this last quarter despite record U.S. online commerce volumes during the holiday season, registering a fall in earnings from marketers for the first time in two years. The news sent Google share prices sliding.

Google’s planned consolidation of user data across all its properties “is definitely a move to improve targeting and hence improve ad revenues,” Simon Khalaf, president and CEO of Flurry Analytics, told TechNewsWorld. “It [will] also defend the Google franchise from ad offerings that Facebook offers today or might offer in the future.”

That data consolidation is not necessarily ground-breaking. “Facebook does track its users across all its services and hence is able to better target [them],” Khalaf pointed out. “Google wants to offer similar, if not better, services.”

Google did not respond to our request for further details.

Google (NASDAQ:GOOG) is folding 60 of its 70 existing product privacy policies under one blanket policy and breaking down the identity barriers between some of its services to accommodate its new Google+ social network software.

Google’s streamlining comes as regulators in the United States and Europe have criticized Google, Facebook and other Web service providers for offering long-winded and legally gnarled privacy protocols.

To that end, the biggest privacy change concerns Google’s accounts. When users are signed in, Google may combine identity information users provided from one service with information from other services. The goal is to treat each user as one individual across all Google products, such as Gmail, Google Docs, YouTube and other Web services.

Users may see how Google’s widened identity approach works in Google’s new Search, plus your world personal search results feature. This tool pulls content from Google+ and users’ Picasa Web Albums. As Google+ increasingly integrates with more Google Web services, data from those services will surface in Search, plus your world.

Google claims this will lead to a simpler user experience, but it will also make it impossible for users to opt out of having their identities applied to dozens of Websites they might not have agreed to use. Common Sense Media CEO James Steyer wrote in a statement emailed to eWEEK:

“Google’s new privacy announcement is frustrating and a little frightening. Even if the company believes that tracking users across all platforms improves their services, consumers should still have the option to Opt Out—especially the kids and teens who are avid users of YouTube, Gmail and Google Search.”

This privacy practice changes will likely also provoke protests from the Electronic Information Privacy Center, which is currently opposing Search, plus your world, as well as the Consumer Watchdog agency.

The Federal Trade Commission, already looking into Google’s search business practices and which had previously ordered Google to submit to 20 years of audits after breaching user privacy with its Google Buzz feature, will certainly take notice.

Yet Google sees the changes as improving the user experience. Google will use the streamlined identity credentials to improve disambiguation in its search results. For example, the company’s search algorithms will better tune results for when users enter a search query such as “apple,” which could mean the fruit or the company.

Alma Whitten, the director of privacy, product and engineering who is leading the policy changes, added:

“We can provide reminders that you’re going to be late for a meeting based on your location, your calendar and an understanding of what the traffic is like that day. Or ensure that our spelling suggestions, even for your friends’ names, are accurate because you’ve typed them before.”

Increased personalization across Google Web services will also help improve Google’s ad targeting. Google downplays this benefit, but it is a major reason why it is changing its privacy policies; it wants to refine its ad-serving features to boost relevance for each of its 1 billion search users.

Of course, users can still export all of the data they create within Google applications using the company’s data liberation export tool. Google is notifying users about its privacy changes via email and its homepage.

BRUSSELS, Belgium — Landmark online privacy regulations proposed in Europe today that include the concept of a “right to be forgotten” could help provide U.S. consumers with tools necessary to protect their data held by Internet giants like Google, Facebook and Microsoft, if ultimately enacted, Consumer Watchdog said today.

Google’s latest unilateral action combining data from all its services shows why we need protections like those proposed in the European Union, Consumer Watchdog said.  Google can change its policies at will and create a digital dossier of all our info overnight that we cannot delete.

“Google has eliminated its last pretense that it protects consumer privacy – the walls are torn down,” said John M. Simpson, the nonprofit, nonpartisan Group’s Privacy Project director. “Instead of a privacy policy Google has finally admitted they have a profiling policy – and every Internet user is a target to be spied on.”

The improved European safeguards will not come automatically and U.S. Internet companies are likely to mount an intensive campaign to weaken them before they are fully implemented, Consumer Watchdog warned.

“In today’s digitally driven, globally connected markets, the final European rules will have substantial impact in the United States,” predicted Simpson. “That’s because the global internet giants — Google, Facebook and Microsoft — will have to follow Europe’s rules.  It will be cost effective for them to use the same procedures and protections around the world. Americans are likely to receive the same level of protection in many areas as Europeans.”

The proposed changes in the European Data Directive underscore the difference in the way privacy is viewed in the US as a consumer protection issue, compared to Europe, where privacy is a basic human right, Consumer Watchdog said.

“Once Google and Facebook are following European rules, there will be no way for the companies to justify the obviously inadequate protection in the U.S.,” said Simpson. “That’s why we’re actively supporting the Europeans.”

Consumer Watchdog warned that it could take as long as two years to get the proposed date regulations implemented and businesses have already started lobbying to weaken them.

“You can expect a tremendous effort by the corporate titans to water down the new regulations,” said Simpson. “Last year Google spent a record $9.7 million on lobbying to get what its executives want from Washington. You can expect similar boatloads of money flooding Brussels, Belgium, where the European Commission is located, as the proposed data directive moves forward.”

The European Commission proposed these key changes in the data protection law that went into effect in 1995 when only 1 percent of Europeans were on the Internet:

—A ‘right to be forgotten’ will help people better manage data protection risks online: people will be able to delete their data if there are no legitimate grounds for retaining it.

—Companies and organisations must notify the national supervisory authority of serious data breaches as soon as possible (if feasible within 24 hours).

—Wherever consent is required for data to be processed, it is clarified that it has to be given explicitly, rather than assumed.

— People will have easier access to their own data and be able to transfer personal data from one service provider to another more easily (right to data portability). This will improve competition among services.

— EU rules must apply if personal data is handled abroad by companies that are active in the EU market and offer their services to EU citizens.

Simpson is in Brussels representing Consumer Watchdog as an Invited Expert taking part in the World Wide Web Consortium (W3C) Tracking Protection Working Group.  The organization is an international group that sets standards and protocols for the Internet.  The Tracking Protection Working Group is seeking to create standards for an online Do Not Track mechanism.

- 30 -

Visit our website at: http://www.ConsumerWatchdog.org

The new privacy policy – which Google contends will allow it to better target ads — goes into effect on March 1. In a press release, the company said it may combine the information users submit under their email accounts with information from other Google services or third parties. What people do and share on the social networking site Google+, Gmail and YouTube will be combined to create a more three-dimensional picture of consumers’ likes and dislikes, according to reports.  Google did not return calls seeking comment.

Experts say that information is more valuable than people may think. Michael Fertik, CEO and founder of Reputation.com, one of a slew of new paid – and free — services to help consumers keep their web use anonymous, says personal information can be worth between $50 and $5,000 per person per year to advertisers and market researchers – depending on how much they spend and how useful the information is to third parties. Fertik says this explains why online breaches are so lucrative and on the rise. Others say the data may be worth billions of dollars to social networking sites and online marketing agencies. “Their entire market cap is related to how much data is being collected and used,” says Jules Polonetsky, director of the Future of Privacy Forum, a Washington, D.C.-based think-tank.

There are ways consumers can block online tracking, however. “Use private browsing, that’s Lesson 101,” Fertik says. For instance, FireFox web browser comes with a “Do Not Track” option via “Options,” “Privacy” and “Tracking.” Reputation cleanup sites can also remove customers’ details from the world’s biggest direct marketing associations and data brokers.

The European Union announced new proposals Wednesday to keep online data private. In the U.S., there is a growing chorus of lawmakers who want to do the same . Currently, there are no state or federal limits on what information can be collected or with whom it can be shared, according to John M. Simpson, director of Consumer Watchdog’s Privacy Project, a California-based non-profit organization. Online data gathered can also be used in marketing housing, insurance, and financial services, Simpson says. For its part, Google policy explicitly states it will never sell users’ personal information or share it without their permission. Fertik says, “The word sell is very loaded. They share or trade data.”

But while members of the public say they are concerned about their online privacy, some studies show that they often do little to protect it — especially when it comes to what they share on social networking sites. Simpson says people need to be better educated about how to protect their data: A 2010 poll conducted by research firm Grove Insight for Consumer Watchdog said 86% of Americans favored the creation of an easy-to-use “anonymous button” that allows individuals to stop anyone from tracking them online. Others say consumers find the convenience of using one company’s myriad of integrated online services compelling. “There is a struggle between the titans of the Internet to provide a seamless experience that captures all your attention – and all your data,” Polonetsky says.