European Union data protection authorities have found legal problems with Google’s new privacy policy and asked the company to make changes, a letter from a majority of the bloc’s national regulators seen by Reuters said.
The letter, which stopped short of declaring Google’s approach to collecting user data illegal, comes after a nine-month investigation led by France’s Commission Nationale de l’Informatique (CNIL) on behalf of the EU’s regulators.
Google must spell out its intentions and methods for combining data collected from its various services, and the web search giant must ask its users for explicit consent when bundling their data together, the regulators say in the letter sent to Google.
“Combining personal data on such a large scale creates high risks to the privacy of users,” says the letter, signed by 24 of EU’s 27 data regulators plus those of Croatia and Liechtenstein. It has not yet been signed by data regulators from Greece, Romania and Lithuania.
“Therefore, Google should modify its practices when combining data across services for these purposes.”
In February, the French regulator CNIL told Google it would lead a European-wide investigation of Google’s update to its new privacy policy and would send it questions by mid-March.
Under its new system, which the company introduced in March, Google consolidated 60 privacy policies into one and began pooling data it collects on users across its services, including YouTube, Gmail and its social network Google+.
Google replied to CNIL with a 94-page document but that regulators found unsatisfactory.
They spelled out 12 ‘practical recommendations’ they say Google needs to adopt to bring its privacy policy in line.
The first five ask the company to give users more information about how their personal information and browsing records will be used, with special attention paid to location data and credit card data.
Google could not immediately be reached for comment.
Source : Reuters