Last week, Google announced changes in its privacy policies that will affect users of its services, such as search, Gmail, Google+ and YouTube. Advocates and legislators questioned the changes, saying that there were privacy issues, and criticized the Internet services giant (Congress pdf; archive pdf) for not including an opt-out provision; Google said that users who objected could stop using its services and move their data elsewhere. Google responded to the criticisms in a letter (pdf) to U.S. lawmakers and a blog post.

Now, the EU’s Article 29 Data Protection Working Party has written (Working Party pdf; archive pdf) to Google about the privacy policy, which affect 60 Google services. The Working Party includes data protection authorities from all 27 European Union member states as well as the European Data Protection Supervisor. Jacob Kohnstamm, chairman of the Article 29 Working Party, writes:

The scandal about the alleged hacking of thousands of British citizens’ phones by the UK News of the World led to that newspaper’s closing and the questioning of owner Rupert Murdoch and his son, James Murdoch, by British officials. (It also led to much discussion about the privacy and security of telephone voicemail systems.) Now, the New York Times reports that the voicemail hacking scandal has spread to the Murdochs’ Times of London and it could include e-mail hacking:

The hacking scandal at Rupert Murdoch’s British newspapers took a new turn on Thursday when a lawmaker said police investigations had spread to the flagship Times of London. The revelation came a day after lawyers said an e-mail referring to “a nightmare scenario” of legal repercussions from widespread phone hacking at the News of the World tabloid was deleted from James Murdoch’s computer less than two weeks before the police opened investigations.

The lawmaker, Tom Watson, from the opposition Labour Party, who has been a central figure in the inquiries into phone hacking, said in a message on Twitter that Scotland Yard had “confirmed to me they are investigating” The Times “over e-mail hacking.” [...]

The development was significant in two regards: it focused attention on e-mail hacking rather than the illicit voice mail interception at the center of inquiries so far, and it suggested that the most august of the Murdoch publications in Britain was not immune from scrutiny. Read more »

Last week, Google announced changes in its privacy policies that will affect users of its services, such as search, Gmail, Google+ and YouTube. Advocates and legislators questioned the changes, saying that there were privacy issues, and criticized the Internet services giant (Congress pdf; archive pdf) for not including an opt-out provision; Google said that users who objected could stop using its services and move their data elsewhere.

Now, CNet reports that Google is responding to the criticisms in a letter (pdf) to federal lawmakers and a blog post. CNet reports:

Google announced plans to rewrite its privacy policy last week. The revision will give the company explicit rights to “combine personal information” across the many products and services it currently offers.

“We’re not collecting more data about you. Our new policy simply makes it clear that we use data to refine and improve your experience on Google–whichever products or services you use,” Google said at the time. “This is something we have already been doing for a long time. We’re making things simpler and we’re trying to be upfront about it. Period.” Read more »

Illinois Attorney General Lisa Madigan recognized International Data Privacy Day and released the latest Information Security and Security Breach Notification Guidance (Illinois AG pdf; archive pdf). “In releasing her Information Security & Security Breach Response Guide, Madigan encouraged businesses and government agencies to establish an Information Security Program to understand the scope of the personal information they collect and to train employees how to properly maintain and handle information to prevent security breaches, which in turn can help prevent identity theft,” a press release said.

Here’s information from the guidance’s introduction:

The Illinois Personal Information Protection Act requires notification to Illinois residents in the event of an unauthorized acquisition of their personal information. Read more »

In the last few months, there have been reports about how smartphone users’ data could be quietly gathered and used by companies via software from a company called Carrier IQ. Sen. Al Franken (D-Minn.), chairman of the subcommittee on Privacy, Technology and the Law of the Senate Judiciary Committee, wrote to Carrier IQ demanding answers about how this technology affects cellphone users’ privacy. European officials are investigating the company for possible privacy violations. Carrier IQ spoke with the Wall Street Journal about its software.

Now, the Hill reports that Rep. Ed Markey (D-Mass), a co-chairman of the House caucus on privacy, has released a discussion draft (pdf) of the Mobile Device Privacy Act, which would require telecommunications providers such as Verizon, AT&T and Sprint to reveal if they are using data-tracking software such as Carrier IQ on mobile devices:

Consumers would have to consent to any data collection or transmission, and third parties would have to have policies in place to secure the data they collect.

Companies that want to transfer data to third parties would have to file applications with the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC). Read more »

USA Today reports on how companies such as Google and Facebook are reacting to changes proposed in the European Union that would limit tracking of individuals’ online activities:

They may be battling each other tooth-and-nail to win over online advertisers. But Google and Facebook are on the same side when it comes to opposing new data-handling privacy laws fast-gelling in Europe and the U.S.

On Wednesday, the European Union formally proposed strict rules that could restrict much of the systematic tracking and profiling Google and Facebook routinely do of Internet users, as part of delivering targeted ads to them.

If Europe’s new rules are implemented as expected in 2013, the tech rivals could face hefty fines, up to 2% of annual revenue, for any violations. In Google’s case that translates into a maximum penalty of $800 million.

On Tuesday, Facebook Chief Operating Officer Sheryl Sandberg delivered a statistics-filled speech at a tech conference in Munich outlining how Europe’s proposed rules are very likely to stymie the global economy. [...]

Meanwhile, refinements announced this week by Google and Facebook, about how each tracks and profiles Internet users, added heat to the domestic debate over the need for new data privacy rules here in the U.S. Read more »