Updated: Privacy group launches legal bid to halt Google’s user data-sharing scheme

Google's plan to combine user data across its services has come under renewed attack, this time from a legal challenge in the US courts.

Privacy group the Electronic Privacy Information Centre (EPIC) has filed lawsuits asking the US government to put a halt to the search giant's recently announced privacy-consolidation plans before they take effect on 1 March.

Last week, European Union data protection officials asked Google to delay its plans for user data-sharing.

Google wants to unify its privacy policies and share user data across some 60 different services. Users of the services have been emailed in what Google describes as "the most extensive notification effort in [the compnay's] history". The changes are set to take place on 1 March.

But EPIC claims that Google's plan to combine user data breaks a consent order Google entered into on 11 October 2011 with the Federal Trade Commission (FTC) over the rollout of Google's defunct social network Buzz.

The consent order arose from a complaint that EPIC brought to the FTC on 6 February 2010 concerning Google's policy of populating Buzz with user data from Gmail, such as email addresses, without prior user consent.

EPIC has filed two documents, a complaint and a motion for temporary restraining order and preliminary injunction, in the Washington DC District Court.

Both actions are brought against the FTC, not Google, for failing to uphold the consent order.

This "places the privacy interests of literally hundreds of millions of internet users at grave risk," EPIC's lawyers write in their court submission. "The Federal Trade Commission has a non-discretionary obligation to enforce a final order."

Google's defence is that it is not sharing user data outside of its services, so users' privacy is not comprimised.

But EPIC's original complaint about Buzz claimed that "in some cases, Google's disclosure made public lists of followers and people to follow that included abusive ex-husbands [and] clients of mental health professionals or attorneys".

EPIC claimed the methods for opting out were confusing and obscure. The FTC agreed and granted the consent order.

In a written response to Computing, a Google UK spokesperson said: "We take privacy very seriously. We're happy to engage in constructive conversations about our updated privacy policy, but EPIC is wrong on the facts and the law."