You are currently browsing EDRi's old website. Our new website is available at

If you wish to help EDRI promote digital rights, please consider making a private donation.

Flattr this


EDRi booklets

Google changes privacy policy

20 October, 2005

Google is offering more detailed information about how it collects and uses personal data of internet users. Since 14 October Google has expanded its privacy policy outlining more details but little change in substance. Some key issues, such as how long personal data are kept, are not answered by the new privacy policy.

The new privacy policy is 'layered' and consists of a easy readable short version and a more comprehensive full version. Google has joined the US safe harbour program in order to bring its data collection practices more in line with EU data protection principles. According to the safe harbour principles personal data can be accessed, corrected or removed by the subject. But Google does put some serious limitations on those rights saying that "extremely impractical" requests for removing will not be honoured, "for instance, requests concerning information residing on backup tapes". The problem does also apply to e-mail messages in Gmail, Googles web e-mail service: "Residual copies of deleted messages and accounts may take up to 60 days to be deleted from our active servers and may remain in our offline backup systems".

Google will use personal information to display customized content and advertising, develop new services and ensure that its network continues to function. The practices aren't new but weren't explicit before. The policy is also more explicit on data security stressing not only that employees have access on a need-to-know basis but will also be fired or criminally prosecuted for violations.

The biggest omission in the privacy policy is however that it doesn't put any limit on how long personal data are kept and how data are removed after it has fulfilled its purpose. The policy can only be read in such a way that Google keeps personal data forever.

In April 2004 Privacy International filed complaints about Google's proposed Gmail service with privacy and data protection regulators in 17 countries. The complaint identifies a large number of possible breaches of EU law including the searching of email content and indefinite retention. Gmail scans e-mail content to display custom advertisements.

Google Privacy Policy (14.10.2005)

Gmail Privacy Notice (14.10.2005)

Privacy International complaint (19.04.2004)

More on Gmail and privacy (15.07.2004)

Google's Privacy Policy In Layman's Words (15.10.2005)

(Contribution by Maurice Wessling, EDRI-member Bits of Freedom)



Syndicate contentCreative Commons License

With financial support from the EU's Fundamental Rights and Citizenship Programme.
eu logo