EU regulators ask Google to change privacy policy

A group of European data protection regulators, including the UK’s Information Commissioner, have called on web giant Google to reverse the changes it made to its privacy policy earlier this year.

In January, Google announced that it would be replacing the individual privacy policies for its various products and services – including GMail, YouTube and Google+ – with a single all-encompassing policy for each user.

The company said this would make its privacy policy easier to understand and "improve the user experience across Google".

Earlier this year, the Article 29 Data Protection Working Party, a group of European national data protection regulators, launched an investigation into the new policy following compliants from privacy advocates. Today, the Party published the findings of its investigation in an open letter to Google.

"The investigation showed that Google provides insufficient information to its users (including passive users), especially on the purposes and the categories of data being processed. As a result, a Google user is unable to determine which categories of data are processed in the service he uses, and for which purpose these data are processed."

"Secondly, the investigation confirmed our concerns about the combination of data across services. The new Privacy Policy allows Google to combine almost any data from any services for any purposes… Combining personal data on such a large scale creates high risks to the privacy of users."

"Finally, Google failed to provide retention periods for the personal data it processes."

The letter calls on Google to "modify its practices when combining data across services"; and "disclose and detail how it processes personal data in each service and differentiate the purposes for each service and each category of data."

The Article 29 working party does not explicitly accuse Google of breaking European law. In March, European commissioner of justice Viviane Reding had alleged that the new policy breaks European data protection rules that insist companies are transparent about how they handle customer data (although she admitted that the European Commission was powerless to prosecute Google).

Last month, Microsoft announced plans to combine the terms and services of all its online products, such as Hotmail and Skydrive, allowing it to reuse ‘content’ collected through any one service across all services. That announcement was met with rather less outcry than Google’s.

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics