Tag Archives: Google

How-to, News

How to opt-out of direct Google+ e-mails

Leave a comment

If you have a gmail.com e-mail address, and a Google+ account, pay close attention: Google has released a feature that allows anyone on Google+ who adds you to his/her circles to send you an e-mail directly, without even knowing your e-mail address.

Any random Google+ user will now be able to add you to his/her circles and send you e-mails directly.
Any random Google+ user will now be able to add you to his/her circles and send you e-mails directly.

You do not need to have these people in your circles for them to e-mail you. If they are in your circles, then their e-mails will go to your Primary tab, otherwise they’ll go to your Social tab, assuming you have the tabbed inbox feature enabled. This feature is enabled by default, even for existing gmail accounts.

Here’s how the feature works

Once someone sends you an e-mail via Google+, you have three options:

  1. Allow the message and future messages by adding the person back to one of your circles, or by replying to the e-mail. NOTE: If you reply to the e-mail, your e-mail address will be made visible to the other person!
  2. Block the message and future messages by clicking on the Report Spam or Abuse button.
  3. Ignore the message. If you do nothing, that sender will be able to send replies to that specific e-mail, but won’t be able to send you any new e-mails in the future.

How can I opt-out of this new feature?

  1. Open Gmail.
  2. Click the gear-box in the top right.
  3. Select Settings.
  4. In the General tab, scroll down to the Email via Google+ section.
  5. Click the drop-down menu and choose Anyone on Google+, Extended circles, Circles or No one. Selecting “No one” will opt you out of this feature, and you won’t see these new Google+ e-mails.
  6. Click Save Changes at the bottom of the page.
Select the highlighted option to opt-out of this feature entirely.
Select the highlighted option to opt-out of this feature entirely.

There is some value to this service; maybe you live a quasi-public life, and want to allow people to contact you without necessarily making your e-mail address fully public. For these use-cases, Google should have made this feature opt-in, rather than enabled by default.

News

CNIL fines Google €150,000 for its Unified Privacy Policy

Leave a comment

Today, January 8, 2014, CNIL announced it had fined Google €150,000 last week on January 3rd for violations of the French Data Protection Act.

CNIL Headquarters in Paris. [Image Courtesy]
CNIL Headquarters in Paris. [Image Courtesy]

What’s the French Data Protection Act?

In 1978, France enacted  loi n° 78-17, the French Data Protection Act.  This Act protects how personally identifiable information, like your name, address, contact information, and sensitive personal information, is processed. When a company wants to collect, process, or otherwise use personally identifiable information, it must first inform that person, limit how long it keeps the data, provide easy ways to view and delete that data, limit international transfer of that data, and give CNIL a detailed description of its business and how it will process personal data.

What is CNIL?

This Act created Commission nationale de l’informatique et des libertés (CNIL), which is an administrative regulatory agency that monitors companies to make sure they comply with the Act, and processes applications and reviews. CNIL also has the power to fine companies for violating the Act. As a part of CNIL’s constant monitoring, it noticed Google’s new Unified Privacy Policy violated parts of the Act.

What is Google’s Unified Privacy Policy?

Companies issue Privacy Policies, which are detailed descriptions of what kinds of personal data are collected from internet users when they use the company’s website. Google has many services (Search, Gmail, Maps, Youtube, etc.), and before March 2012 each service had its own privacy policy. However, on March 1st, 2012, Google unified these policies, and one single privacy policy controlled data processing across all of Google’s services.

How did the Unified Policy violate the Act?

CNIL claims that Google:

  1. Did not inform users why data was being processed.
  2. Started tracking data before getting users’ consent.
  3. Did not say for how long data would be stored
  4. Collects user data from many of its services, and combines them together.

1 & 4 are big problems, because Google combines user data from all of its services to more accurately target advertisements to its users, but it doesn’t make it clear that’s what they’re doing. For example, if you get a wedding invitation sent to your Gmail, you might start seeing ads for tuxedo rentals in your Google Maps. CNIL claims that such integrated data collection and usage violates the Act. Of course, Google disagrees, and continues to believe that its Unified Policy is 100% legal.

The Final Thought

The fine is significant because it’s the largest single fine CNIL has ever issued on a company before. Also, France isn’t alone in thinking the Unified Policy is a privacy nightmare; both the Dutch and Spanish Data Protection Authorities came to similar conclusions last year. The unfortunate reality is that €150,000 (around $204,000 USD) is a mere drop in the bucket for Google. To put it in perspective, based on Google’s public 2012 financial reports, Google makes around $20,428 net profit every minute; CNIL’s fine works out to just under 10 minutes worth of profit. It’s unlikely Google will see these fines as a significant deterrent for its continued unified, pervasive user data collection, especially when it’s so profitable.

Edited on January 9, 2014: added net profit per minute to provide perspective on the insignificance of the fine.