Berlin Court Rules Google Privacy Policy Too Vague; Internet Giant Set to Appeal

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Jabeen Bhatti  

Nov. 21 --Germany's appeal courts will likely decide against Google Inc.'s appeal of a recent ruling that its privacy policy is too vague, attorneys told Bloomberg BNA Nov. 21.

The Berlin Regional Court (Landgericht Berlin) Nov. 19 found Google's privacy policies do not comply with German data protection law (In re Google, Inc., LG Berlin, No. 15 O 402/12, 11/19/13).

The court ruled in favor of the Federation of German Consumer Organizations (VZBV), finding that the Internet giant's user and data protection clauses of its privacy policy were too vague, the VZBV said in a Nov. 19 statement.

The decision affects 25 clauses in the privacy policy--12 clauses pertaining to user rights and 13 that address data protection rules, the VZBV told Bloomberg BNA Nov. 21.

“Even if Google appealed the Court's decision, I do not expect the Superior Court of Justice (Kammergericht) or the Federal Court of Justice (Bundesgerichtshof)--in case of a further appeal--to decide in Google's favor,” Steffen Bunnenberg of Bunnenberg Bertram, in Berlin, told Bloomberg BNA Nov. 21. “The violations are too obvious and the courts are rather strict.”

A Google spokeswoman told Bloomberg BNA Nov. 21 that it would appeal the ruling. “We believe our Terms of Service and privacy policy comply with all applicable laws,” she said.

The court has not made the text of its ruling public.

Need for Clearer Consent Policy

Google users complained about the privacy policy, saying they felt insufficiently informed about the use and consolidation of their data, VZBZ said.

“The information supplied by Google to users is not precise or transparent enough--that needs to change according to German law, giving users back control over their data wherever applicable,” a VZBV spokeswoman said.

In data protection provisions in the policy, Google says it “may capture device-specific information or location data or, under certain circumstances, link personal data in various Google services,” according the consumer group's statement.

“It was unclear for the consumer where they should consent to the use of their data and in some cases personal data could be used and processed without active consent,” VZBV said in the statement.

Crafting Policies Is Complex Task

Marc Hilber, who specializes on information technology and data protection law at Oppenhoff & Partner, in Cologne, Germany, told BNA Nov. 21 that “under German law, Google needs a transparent and precise data protection policy, which both informs users and requests their consent whenever required--for instance, when cookies are used for marketing purposes.”

But Google is in a difficult position because consent provisions are complex and unwieldy and because data policies refer to several legal areas, Hilber said. “Data-use policies are difficult because several legal areas, like IT law, user rights and data protection law overlap,” he said

“If Google were 100 percent clear in all cases, the provisions in its general data-use terms would become so long and complex that few users would still bother to read them or be able to understand them,” he said.

In April, the same court held that eight of Apple Sales International's customer data-use privacy policy clauses violated national data protection regulations (12 PVLR 842, 5/13/13).

 

To contact the reporter on this story: Jabeen Bhatti in Berlin at correspondents@bna.com

To contact the editor responsible for this story: Donald G. Aplin at daplin@bna.com