EU officials want Google to suspend privacy policy change

European Union officials have asked Google to refrain from implementing its plans to share user information across all of its services until the privacy implications can be analyzed, but Google is standing its ground.

In a letter to Google CEO Larry Page, Jacob Kohnstamm, chairman of the Article 29 working group of EU advisers on data protection issues, said: "We wish to check the possible consequences for the protection of the personal data of these [EU] citizens in a co-ordinated procedure," the Financial Times reported today.

The working group has asked French data protection watchdog CNIL to lead the investigation, the letter said.

But Google is not backing down on its policy modification, which was announced last week and is due to go into effect on March 1. In a letter sent to Kohnstamm today, Google Privacy Counsel Peter Fleischer wrote that the company is "happy to discuss this further" if the CNIL requests a meeting.

"As you will know, we had extensively pre-briefed data protection authorities across the EU prior to the launch of our notification to users on 24 January 2012," he wrote. "At no stage did any EU regulator suggest that any sort of pause would be appropriate. Since we finished these extensive briefings, we have notified over 350 million Google account holders, as well as providing highly visible notices to all our non-authenticated users."

The privacy policy changes won't affect users' existing privacy settings and no new or additional data about users is being collected, Fleischer noted. The change will allow Google to use the data it already has access to to provide more convenience and better services to users, he said. The move basically streamlines more than 60 different privacy policies of Google's into one.

Google has been able to combine information from a user's two different Google accounts, which enables users to add a Calendar appointment when a Gmail message includes data about a meeting. But Google's privacy policies have restricted the company's ability to combine information within a user's account for two services: Web history and YouTube. So, someone searching Google for cooking recipes could not be shown suggestions for cooking videos on YouTube, Google said in its letter.

U.S. lawmakers have already taken Google to task over the privacy policy changes, with some pushing the company to allow users to opt out of the switch.

Google executives appeared before a Congressional subcommittee yesterday to answer questions about the changes. Rep. Mary Bono Mack (R-Calif.), who heads up the House subcommittee doing the investigation, accused Google officials of not being "forthcoming" in their answers.

Google also has been taking heat for its decision to embed Google+ results in its main search page. After the news was announced last month, EPIC asked the U.S. Federal Trade Commission to look into whether the move violates federal antitrust rules and poses consumer privacy concerns.

Yesterday the Electronic Privacy Information Center filed a Freedom of Information Act request with the FTC for access to a privacy report that Google recently submitted to the agency. The privacy report is required as part of a consent decree the FTC and Google announced in October to settle a complaint EPIC brought to the FTC in 2010 over the now-defunct Google Buzz social network service.

"Google promises access to the world's information, but it has not made available to the public the report it submitted to the Federal Trade Commission about the steps it takes to protect the privacy of its users," Marc Rotenberg, EPIC executive director, said in a statement.

A Google spokesman told CNET that the company could not comment on EPIC's FOIA request.

Meanwhile, Google clarified its privacy policy changes with respect to Google Apps for Government in response to concerns that it would compromise sensitive government data. The government contracts supercede the privacy policy in the old version and the new version, unless domain administrators turn on additional apps that are not in the core suite, Google said.

"Enterprise customers using Google Apps for Government, Business or Education have individual contracts that define how we handle and store their data," Amit Singh, vice president of Google Enterprise, said in a statement. "As always, Google will maintain our enterprise customers' data in compliance with the confidentiality and security obligations provided to their domain. The new Privacy Policy does not change our contractual agreements, which have always superseded Google's Privacy Policy for enterprise customers."

Separately, there is scrutiny over antitrust allegations in the U.S. and Europe. The FTC and the U.S. Senate have investigations under way focused on concerns that Google unfairly promotes its own services in its search results. Meanwhile, the European Union is considering whether to file a formal antitrust complaint against Google based on similar complaints by rival search providers there.

Updated 3:08 p.m. PT with EPIC FOIA request for Google privacy report, more background on Google antitrust probes, and applicability of privacy policy changes to government employees.