Forgot your password?
typodupeerror
EU Google Privacy Your Rights Online

EU Authorities To Demand Reversal of Google Privacy Policy 177

Posted by Unknown Lamer
from the legal-dept-hiring dept.
judgecorp writes "Google's privacy mechanism, which combines personal data from around 60 products, and gives users only one opportunity to opt out, was rolled out in March against requests from privacy regulators in Europe. Now they want the policy reversed, and user data from the different Google products, including Gmail, Search and YouTube, to be separated. The EU attack is lead by French regulator CNIL, which has historically taken a tough line on privacy matters."
This discussion has been archived. No new comments can be posted.

EU Authorities To Demand Reversal of Google Privacy Policy

Comments Filter:
  • by Anonymous Coward on Tuesday October 16, 2012 @12:06AM (#41665843)

    The French may save us yet.

    • by aliquis (678370) <dospam@gmail.com> on Tuesday October 16, 2012 @12:12AM (#41665869) Homepage

      "Yeah, so what if YouTube let you register with a user name before we bought it. We see you don't use a real name. WTF is up with that? Are you a criminal?

      [x] My name is ___________________________
      [ ] I'm a criminal."

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Kudos to the privacy watchdog.

      Don't use google. Don't use facebook. Don't buy apple. This will take you and us all a long way.

    • by davester666 (731373) on Tuesday October 16, 2012 @02:26AM (#41666341) Journal

      No. The French may save French users of Google. Perhaps even for the rest of the EU. But DEFINITELY not for anywhere else.

      Google will definitely [if they are forced to keep this information separate for some locations] recode their products to keep it separate for people in those locations and combined everywhere else.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Keep in mind there is no strong IT industry in France, but many people dislike Google strongly here because they don't like the way new technology (which they see as "Google") forces them to adapt.

      Make no mistake, the CNIL happily accepted the Hadopi law (three strikes and you're disconnected). It is NOT fighting for anybody's freedom. It's probably acting on someone's behalf, that someone being a group of interest which lobbied hard enough. (Yes, I'm writing this on an AZERTY keyboard).

    • by N1AK (864906)

      The French may save us yet.

      I'd love to see Google remove login ability from all Google products in France and see how long it takes for them to change their mind. I like the integration between Google services, if I was worried about how they were using the data I provide then I'd still be worried if it was silo'd into the different divisions. I still can't for the life of me understand how Google gets so much hassle for this when 'platforms' like Windows Live, iOS, Facebook etc collect at least as wide if

      • I'd love to see Google remove login ability from all Google products in France

        As a result of which the EU would swing it's full might right at Google's wedding tackle.

      • Google can choose not to do business in France. But then France could ( or at least should ) nullify any patents Google owns in France. Anyone who wants to screw Google over IP-wise can just do it in France. The French would soon have their own Google. ( Baidu anyone? ) The legal infrastructure to do this may not exist in France, but countries can easily develop the legal infrastructure to do war on corporations that make war on them as it becomes necessary.

        • by geekoid (135745)

          "nullify any patents Google owns in France. "
          just becasue you don't do business somewhere, doesn't mean the get to violate treaty.

        • by Kalriath (849904)

          A unilateral violation of the Berne Convention, UCC, TRIPS, and a swathe of other treaties? That sounds like a brilliant idea that would have absolutely no consequences at all!

          • Maybe it would have desirable consequences. Just start violating the treaty and say why, and say that they want it renegotiated to allow for the sort of thing they are doing, or they'll just keep doing it anyway. If anyone values the treaty enough to renegotiate, then it might continue to be a treaty, otherwise it becomes defunct.

            • by Kalriath (849904)

              No, because the consequence would be that the rest of the planet would no longer honour France's intellectual property regime. It has happened before.

              There would be no desirable consequences from such an action for anyone.

              And it's not one treaty, it's more than seven treaties.

              • I fail to see the downside.

                • by Kalriath (849904)

                  And that's why it's a good thing that you have exactly zero authority whatsoever.

                  • Look the Berne Convention dispite sounding like some kind of intergalactic treaty from the Whovian Universe, no wait, that's the Shadow Proclaimation, has to do mainly with protecting copyrights abroad. I doubt France produces more things demanded abroad than it consumes. Therefore, it would seem, the arrangement is a net negative to France.

    • by Meski (774546)
      Now go away, before we taunt you a second time!

      Is it EU authorities, or the french?
  • by Anonymous Coward

    This will surely deter the far better free market solution from being developed.

    Whatever it might be. My Capitalist gods haven't told me yet.

    • by Baloroth (2370816)

      This will surely deter the far better free market solution from being developed.

      Whatever it might be. My Capitalist gods haven't told me yet.

      In this case? Not using Google (does that make me a capitalist god?). Try DuckDuckGo, or Bing (if you want to cut out the middle-man and get some extra tracking in). Mapquest still exists, Vimeo for videos... yeah, if you think there aren't plenty of alternatives for Google, you're pretty ignorant. Google even lets you export your data [dataliberation.org] to use with them.

      Now, whether you want to actually use those alternatives, well, that is entirely for you to decide.

  • by Anonymous Coward

    What do you mean we had an opportunity to opt out?? It was take it or leave it scenario. Lose your data, change your email, disrupt your life or let us assemble your data.

    I switched to DuckDuckGo for search. I did not like adverts for the things I'd been searching for, being presented to me and my family. I've tried to block Google tracking too.

    I don't like that I receive an email on [obscure thing] and see adverts for [obscure thing], and I hate the fact that some spotty faced oik in Google can pull up my

    • by Anonymous Coward

      There's one other source of tracking. Firefox has a 'block reported phishing sites'. The way it works is they download a block of partial (32bit) hash keys, WITH A TRACKING COOKIE, each Firefox user gets their own cookie. If a site is in the set of 32bit keys, Firefox asks if the 256 bit hash matches a phishing site to determine if the site actually is a phishing site, or just a hash collision.

      In this way, Google can track any website simply by adding its partial key to the list and Firefox will dutifully r

      • by Anonymous Coward on Tuesday October 16, 2012 @04:53AM (#41666811)

        Why does this need a session cookie? why does it need to update the list so incredibly frequently? Why send only partial keys?

        Dude, take off the foil hat. I work at the big G (not on anti phishing) and all these concerns have been discussed publicly before. There is a cookie for anti-DoS purposes. Google has the ability to sink large amounts of HTTP traffic using smart load balancers which can handle way more requests than the backends they balance on to. During a DoS attack legitimate cookies that have been observed behaving in a non-abusive manner for a long time can be serviced whilst excluding requests that come in with no cookie or a freshly minted cookie. And let's face it - the anti-phishing system is designed to frustrate criminals, the kind of people who wouldn't hesitate to use DDoS attacks against a blacklisting service.

        The list is updated frequently because phishing sites appear and disappear very fast.

        If there was no partial server-side matching you could defeat the blocklist by simply using random filenames or ?q=abc suffixes on the phishing page (eg every spam you send with a phishing link could have a unique URL). Then a list of even a million URLs would be insufficient. By having partial/prefix matches that trigger a server side lookup more advanced logic can be used that doesn't require protocol changes to every client, in extreme cases you could even imagine hand crafted code that understands how to spot patterns in particularly tricky campaigns.

        CAPTCHA: explains

    • Re:We could OPT OUT? (Score:5, Interesting)

      by kqs (1038910) on Tuesday October 16, 2012 @01:03AM (#41666097)

      What does opting out of a privacy policy mean? "I refuse to be bound by this policy, so there is no policy and you can do whatever you want with my data"? "I refuse to be bound by this one policy, I prefer a different policy on every google service I use"? And do you expect google (or anyone) to maintain code to implement every privacy policy they've ever had? How would that work?

      Opting out of a privacy policy means not using the service. Wanting to use the service but refusing the privacy policy is much like wanting to eat at a restaurant but not wanting to pay your bill.

      • by Anonymous Coward

        I eat at a restaurant, they change the prices on me after I've ordered. I then refuse to pay the newly inflated bill,
        I insist on paying the old bill, the bill as was agreed when I gave you may order.

        It's a bad metaphor because I agreed on ongoing supply of food at an agreed price. Google receives my money (or data or eyeballs), yet wants to inflate this.

        I can only take snapshots of my data back, I can't update everyone who thinks my email is bob@gmail.com, I can't update everyone who thinks my video is 'bob

        • It's a bad metaphor because I agreed on ongoing supply of food at an agreed price.

          No, that new metaphor you are offering is the bad metaphor, unless Google made some commitment not only as to the current terms, but explicitly limiting future changes to the terms for current users.

          So I expect them to deliver the service they agreed at the price they agreed it.

          They did. You seem to want to pretend that they agreed to prospective future terms that they never, in fact, agreed to.

    • What do you mean we had an opportunity to opt out?? It was take it or leave it scenario. Lose your data, change your email, disrupt your life or let us assemble your data.

      I doubt you'd actually have lost any of your data. Google services usually offer a way to export it for backup purposes - or if you indeed plan to switch. They even have a special team to organize that. www.dataliberation.org (well... they may not exactly LOOK like an engineering team...)

      I switched to DuckDuckGo for search

      isn't that a google search query in disguise?

  • Not an issue for me (Score:5, Interesting)

    by aNonnyMouseCowered (2693969) on Tuesday October 16, 2012 @12:19AM (#41665907)

    Really, I don't see this as an issue if you're volunteering your personal info to Google anyway. I'm more worried by the tracking that Google does even if you're not logged in, say, via its ad and recaptcha services.

    • Re: (Score:2, Offtopic)

      by tooyoung (853621)
      Totally, same thing with Facebook.
  • And I want a pony... (Score:5, Interesting)

    by O('_')O_Bush (1162487) on Tuesday October 16, 2012 @12:22AM (#41665925)
    Really though, unlike with Intel or Microsoft, I've never felt like I have been wronged by Google, which is probably why my knee jerk reaction is that this is just another extortion racket and an organization hired to cause a stir.
    • by TubeSteak (669689) on Tuesday October 16, 2012 @12:38AM (#41666007) Journal

      which is probably why my knee jerk reaction is that this is just another extortion racket and an organization hired to cause a stir.

      CNIL (Commission nationale de l'informatique et des libertés) translates to 'National commission on informatics and liberties'

      Unlike America, European regulators take their privacy seriously.
      They are mostly independant and don't have to bow down to political pressure.
      You seem to be confusing "not captured by corporate interests" with "just another extortion racket."

      • by Anonymous Coward on Tuesday October 16, 2012 @12:59AM (#41666087)

        Unlike Americans, Europeans are more worried about corporations spying on them than their governments.

        • Re: (Score:3, Interesting)

          by Anonymous Coward

          Unlike Americans, Europeans are more worried about corporations spying on them than their governments.

          As it turns out, any information you give to a corporation ends up at the government.

          • by Chrisq (894406)

            Unlike Americans, Europeans are more worried about corporations spying on them than their governments.

            As it turns out, any information you give to a corporation ends up at the government.

            And with all the "outsourcing" vica versa

        • by Sique (173459) on Tuesday October 16, 2012 @04:01AM (#41666603) Homepage

          Unlike Americans, Europeans are worried about both corporations and the government spying on them. In Germany, Data Rendition laws are suspended for now, and in Austria, they didn't pass the parliament for now.

          • That's great but it didn't stop the EU rolling over and handing all financial data for the whole world to the Americans, did it? Search for: TFTP. And it didn't stop the EU rolling over and going along with insane flyer ID manifest requirements for the USA either.

            I'm a citizen of the EU and the biggest threat to peoples privacy is government, period. You could say I'm biased by my employer (Google), but to me CNIL seems way out of line and ridiculously out of touch with technology. I didn't get to vote on w

            • by geekoid (135745)

              " biggest threat to peoples privacy is government, period. "
              no.
              biggest threat to peoples privacy is large organizations with power. This can be Church, Government, Corporate entities.

              "Why can't I get new government identities as easily as I can get new Google accounts? "
              Seriously? Think about that for a bit. Hint: While you think about that, I could create dozens of IDs.

              " Why can't I ensure all the data EU governments have on me (all of them) is deleted by pressing a button?"
              Because records of what

      • by MrDoh! (71235)
        Which is fair, but how will splitting the privacy policies back into various areas HELP privacy? Doesn't putting them all in one place for Google products make it easier? And even if split, do they not get how Google tracks everything anyway? Very strange way to help people I'd think.
        • by tlhIngan (30335) <.slashdot. .at. .worf.net.> on Tuesday October 16, 2012 @01:36AM (#41666203)

          Which is fair, but how will splitting the privacy policies back into various areas HELP privacy? Doesn't putting them all in one place for Google products make it easier? And even if split, do they not get how Google tracks everything anyway? Very strange way to help people I'd think.

          Well, before, Google had a different privacy policy for every product. This resulted in your YouTube browsing habits not being able to be shared with your GMail history, Google homepage not being able to search your e-mail or possibly throwing up your email search results when you search, etc.

          By unifying the privacy policy, Google made it easier to combine the data about you from many silos into one. Perhaps you were doing some Google searches about say, gay marriage. Now your YouTube ads for that next cat video can suggest gay marriage pastors. Or election ads about gay marriage.

          Or perhaps you're trying to keep your online activities separate. Perhaps you enjoy downloading the latest music and movies, but keep that separated somehow from your other activities. Perhaps using another browser. Or perhaps another computer. Problem is, you use Google on both, and eventually Google links both your nefarious pirate ways with your real life ways, so the MPAA and RIAA can now positively identify you through Google. (Ask Jammie Thomas).

          All the EU is doing is basically telling Google to put the data back in their individual silos and stop mising and churning it. Of course, law enforcement and IP lovers will be a lot less happy if they can't get at your user profile and prove that you are the person being accused through Google's profiling of your activities (the links are more tenuous when data is isolated. When they're combined, they're very powerful).

          Of course, this also allows Google to aid in finding people who do bad things - they can link the searches to the youtube videos to the G+ postings and all that. Perhaps even to their facebook account and get a name/location/etc.

          Oh yeah, trust me, it's not just advertisers/insurance people interested in your habits. And heck,one silo also means that false information can be rapidly corrected (yay!), alongside with notes on the false information in case you used it elsewhere, providing more linking data.

          • by Anonymous Coward

            So what you're saying is:

            "if you do SOME illegal things, and mostly non-illegal things, then privacy is a good thing"

            Personally, if I want to do something illegal, I lobby to raise awareness of the cause, attempt to get support from the majority of voters + counsel / whatever body of government has jurisdiction over the topic, then if I turn out to be in the minority that feels something SHOULD be legal, I do this crazy thing that nobody else in the world seems to understand:

            I yield to the democratic

          • Re: (Score:2, Interesting)

            by kenorland (2691677)

            All the EU is doing is basically telling Google to put the data back in their individual silos and stop mising and churning it

            And what defines "separate"? Facebook has a single privacy policy for your profile, photos, videos, blog posts, etc.

            All the EU is really doing is politically motivated posturing: they don't like Google because the big European corporations their member governments are in bed with haven't figured out how to compete with Google.

            • by Sique (173459) on Tuesday October 16, 2012 @04:10AM (#41666645) Homepage

              Actually, there are no European companies trying to compete with Google and failing. There are no European companies even trying. (I think, the last one was Telefónica, which bought Lycos years ago, but put it to rest in 2008). So which are those imaginary corporations you are talking about?

              • All the EU is really doing is politically motivated posturing: they don't like Google because the big European corporations their member governments are in bed with haven't figured out how to compete with Google.

                Actually, there are no European companies trying to compete with Google and failing. There are no European companies even trying. (I think, the last one was Telefónica, which bought Lycos years ago, but put it to rest in 2008). So which are those imaginary corporations you are talking about?

                Stop ruining our anti-american conspiracy hysteria with 'facts'...

          • by Solandri (704621) on Tuesday October 16, 2012 @03:11AM (#41666459)
            That's one benefit Google got from combining the privacy policies - obviously the one which makes Google look worst so it's the reason most commonly trotted out. The flip side is by having each service have its own privacy policy, users had to keep track of each separate privacy policy (and Google's employees working on multiple products were uncertain of what they could and couldn't do with the data). Subtle differences between policies got lost amidst the similarities. Consolidating everything into a single unified "Google policy" made it easier for users to know what they were getting and for Google to know what it could do.

            There are pros and cons to either approach. Anyone telling you one is universally better than the other is selling you something. Stripped of any nefarious advertising and creepy privacy invasion overtones, the default condition would be for Google to consolidate them into one policy simply to reduce bureaucracy and paperwork. So I think the onus should be on those advocating separate policies to justify why the benefits of having them separate outweigh the drawbacks.
            • by SnowZero (92219)

              Google Now [google.com] is an example of a product that could not exist without data sharing. The premise is that it cross references data to make timely suggestions, such as letting you know when you should leave for the airport if you have a flight, and if your flight is on time. It can do this even though you never explicitly told it you have a flight or made a calendar entry.

            • by AmiMoJo (196126) <mojo @ w orld3.net> on Tuesday October 16, 2012 @07:29AM (#41667355) Homepage

              Why does having a common privacy policy necessitate sharing data between services? They can have a single policy that says they won't share data with other Google services.

              • I WANT Google sharing data between services, because that is what makes using all the products under the Google umbrella a unified experience. I LIKE that my Google+ and GMail and Drive and Calendar and Picasa YouTube accounts are all linked and I don't have to manually cross-post things all the time.

                If you don't like it, then don't use Google's services. I don't see what business the EU has in this, it is not like there are not plenty of free alternatives to all of Google's services.

            • by tlhIngan (30335)

              (and Google's employees working on multiple products were uncertain of what they could and couldn't do with the data)

              The answer to that is obvious - do nothing. If you don't know if you can take YouTube viewing data and use it to influence search results, then simply don't. That puts the data from YouTube in a different silo than the search data. Failure to do so means one privacy policy is breached which people will call out Google on and lower their trustworthiness. Which is fine - Google's got a lot of g

          • by MrDoh! (71235)
            Ah, so it's the cross-sharing that was new? I always thought they were doing that anywhere, you just had to agree/turn it off in various places and the big merge was to do it in one location.
      • by geekoid (135745)

        I'll let you in on a clue.

        The same applies to American regulators. /. is full of people with a bias and no real experience in that area.

    • by Paradise Pete (33184) on Tuesday October 16, 2012 @12:55AM (#41666069) Journal

      I've never felt like I have been wronged by Google

      Right now Google's not hurting, so they can be more selective in what thy do with that data. But when times get tough, and they probably will, Google will resort to all sorts of tricks to keep that cash cow mooing.

      • Re: (Score:2, Flamebait)

        by Solandri (704621)
        And every man has a penis so they could potentially rape a woman. Every screwdriver could potentially be used to break into a house. Every Internet connection could potentially be used to download copyrighted material.

        An argument that someone has to be pre-prohibited from potentially doing something bad has to have more to it than an unsubstantiated assertion that "Google will resort to all sorts of tricks." Otherwise you can ban just about anything under the premise of protecting the greater good. It
      • by swillden (191260)

        I've never felt like I have been wronged by Google

        Right now Google's not hurting, so they can be more selective in what thy do with that data. But when times get tough, and they probably will, Google will resort to all sorts of tricks to keep that cash cow mooing.

        Why do you think that? Please keep in mind that due to the structure of the stock voting rights, the shareholders have zero power to force Larry Page, Sergey Brin and Eric Schmidt to do anything, and given that the terms laid out in Google's IPO make clear that Google will sacrifice short-term profits for long-term profits and will focus on treating users well even at the expense of profitability, there's no way to pressure them via the SEC or courts, either, since shareholders already bought into all that

  • Seriously? (Score:5, Insightful)

    by ras (84108) <russell-slashdot@@@stuart...id...au> on Tuesday October 16, 2012 @12:26AM (#41665949) Homepage

    All these web sites are owned by the same people. Are the EU saying a company can't mine the data the EU says it is allowed to collect? How on earth do you even police that?

    Besides, it's a non-issue, as it is under the users control anyway. If you don't want Google tying the data together use different use names on each site. It is not like it is rocket science.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      My issue is that google is forcing me to broadcast my private stuff to strangers.
      Google's issue is that people leave embarassingly shitty comments on videos.

      The obvious solution is just to turn off all personalization and feedback. However, Google -- stupidly -- is trying to build their own social network to rival Facebook. Their strategy is stupid, because for years they've triumphed by being better and less evil than the other guy. My approach was just to boycott other google products in favor of youtube.

      • Re:Seriously? (Score:4, Informative)

        by kqs (1038910) on Tuesday October 16, 2012 @01:14AM (#41666127)

        The obvious solution is just to turn off all personalization and feedback.

        Indeed. Much like some people commit fraud on the stock market. The obvious solution is to turn off the stock market. Brilliant!

        I'm not sure how google is forcing you to broadcast private stuff; I don't think they're forcing you to comment, are they? If you comment, and you know that the comment will be tagged with your real name, then there is no force, you just make a choice.

        • Re: (Score:2, Interesting)

          I'm not sure how google is forcing you to broadcast private stuff; I don't think they're forcing you to comment, are they? If you comment, and you know that the comment will be tagged with your real name, then there is no force, you just make a choice.

          Easy. They are forcing you to choose between all your comments being around forever, or keeping quiet forever.

          See, if one day you make a comment in real life to a friend, they probably won't remember next year what you said, and even so, nobody els

    • Re:Seriously? (Score:5, Insightful)

      by Zemran (3101) on Tuesday October 16, 2012 @01:16AM (#41666135) Homepage Journal

      "use different use names on each site."

      and do not forget to use different computers for each site as well because they track your use and know if you are using a different name on each site. So you need one computer for Google, one for Gmail, one for Youtube, etc.

      It is a big issue to a European that assumes a right of privacy but of course to an American who is only used to that right in name alone, this is not an issue. In Europe the data remains mine. I own it. They can use it only as I allow them to use my data.

      • by swillden (191260)

        and do not forget to use different computers for each site as well because they track your use and know if you are using a different name on each site. So you need one computer for Google, one for Gmail, one for Youtube, etc.

        Alternatively, don't log in (which means don't use Gmail, at least not via the web UI), and use the "keep my opt outs" add-on which Google provides so that Google is kept aware that you don't want to be tracked. Unless you're looking for a way to justify to your wife that you really have to have a dozen computers.

      • Opt out of the policy and don't use any of Google's services. Problem solved? Google is not a monopoly, there are a plethora of alternatives for any of their services. If you don't like their terms then they might as well take their ball and go home.

    • It is not like it is rocket science.

      No, but it is like rocket surgery.

    • by aepervius (535155) on Tuesday October 16, 2012 @03:30AM (#41666515)
      We have had law about privacy and IT and database for about as long as it started to become a phenomenon, I think back in the 80ies. For example you may not in certain circumstance do a join on database, or have races, skin color, religion, political affiliation, or whatnot mentioned in some database (I don't recall exactly when it is allowed, but you can take for granted that in a commercial database it is msotly not allowed). There is something similar on EU level.

      That you in the US (or any other country) don't care that you are the "product" is your problem. but if google want to have a commercial presence in EU it better respect our privacy laws. And No it is not YOUR responsibility to use different usernames, it is google responsibility to respect law and not join DB.
      • Almost 100% certain Google does none of the mixing you refer to. They don't even ask those questions.

    • by gl4ss (559668)

      not allowed to mine data they collect from different sources for different purposes? what's strange about that.

    • by jonbryce (703250)

      Yes that is correct. If you collect personal data for one purpose, you are not allowed to use it for another purpose without the data subject's permission.

      For example, if you collect data about a user's web browsing activity for the purpose of advising them if the page they are about to visit contains malware or is a phishing site, you can't then use it for targeted advertising without the user's explicit permission. Burying it in paragraph 11428 of the T&C that they never read is not obtaining their

  • Interesting, why don't they also require Microsoft to reverse its recent privacy policy change which is essentially the same (unification of the company's services).
    • by Elldallan (901501)
      They probably/quite possibly will, no one has ever accused a bureaucracy if being fast or nimble.
  • It's too bad people can't opt out of the intrusive data collection and privacy invasion schemes of the European governments. Frankly, I greatly prefer Google having my private data than the German or French government.

  • I don't like Google tying together all these services. I think it is a privacy nightmare and it's risky too. For example, if your Google account gets disabled because of a blog post, you lose access to all your Android apps and Google movies. But you know what? You have a choice.

    The sooner people realize this, the better, because that means it keeps alternative services viable. And there still are plenty of alternatives to every service Google offers.

    But we don't need European "privacy regulators". Sla

    • by gl4ss (559668)

      uhh.. many of these services WERE different services, like youtube.

      buying services and integrating data from them to google main db is googles business. that's not entirely within eu laws though.

  • Like it or not, it is not unreasonable to unify their policies. This idea to break it up again seems the wrong track, address what you don't like about the over arching policy, as presumably any new services will come under that.

Testing can show the presense of bugs, but not their absence. -- Dijkstra

Working...