EU slams Google data protection practices

Posted by Emma Woollacott

EU regulators have, as expected, asked Google to reverse changes it made earlier this year to its privacy policy.

The policy was announced in January and introduced in March, combining all the personal data Google holds on its users into one place.

But in what's turning out to be a difficult week for Google, France's data protection authority, CNIL, has been investigating the new policy on behalf of the EU, and is scathing in its conclusions.

"The Privacy policy suggests the absence of any limit concerning the scope of the collection and the potential uses of the personal data," it says. "The EU Data protection authorities challenge Google to commit publicly to these principles."

CNIL criticizes Google for failing to answer its questions adequately.

"In particular, Google did not provide satisfactory answers on key issues such as the description of its personal data processing operations or the precise list of the 60+ product-specific privacy policies that have been merged in the new policy," it says.

It's now calling on the company to give users clearer information and more control over the use of their data, and wants it to modify its data collection tools to avoid collecting 'excessive' amounts.

"As data protection regulators, we expect that Google takes the necessary steps to improve information and clarify the combination of data, and more generally ensure compliance with data protection laws and principles," it warns in a letter to Google chairman Larry Page.

The letter's been endorsed by data protection regulators in Asia and Canada, as well as all 27 EU regulators.