European Union data regulators are unhappy with Google’s current privacy policies, and are threatening the company with fines.
Google has slated multiple changes to its privacy policy related to services like YouTube and Gmail. However, the regulators claimed the updates result in the “uncontrolled” use of users’ personal data without their explicit consent.
The Commission Nationale de l’Informatique (CNIL), France’s data protection authority, took the lead on an inquiry. On Tuesday, it claimed the policy broke European data protection law and published a list of recommendations it urged Google to adopt.
CNIL claimed Google did not provide satisfactory responses to questions about how it processes personal data, and urged Google to change the policy so users can have a clearer understanding of the data being collected about them and how it is is being used.
Google rolled out a unified privacy policy for around 60 of its services in March with the aim of making it easier to sign up for a new Google service and maintain a unified profile across many of them. One outcome is that it lets Google collect more information about how you use its services, which can be used for advertising purposes.
CNIL added that Google does not indicate how long the data will be stored. If you’re logged in to a Google account and merely visit a website which has the +1 button, your visit is recorded and that data retained for at least 18 months, with the possibility of that data being shared with other Google services. Data collected through advertising service DoubleClick is stored for two years, though that storage can be renewed.
The recommendations to Google included allowing users to give their express consent before data collected by one Google service is shared with another and give them better control over how data is combined by making it easier to opt-out of certain services.
In all, 29 regulators in Europe backed the recommendations, and Google has been threatened with fines or legal action if it does not comply within the next few months. Google insisted that it had not broken the law.
“We have received the report and are reviewing it now,” said Peter Fleischer, Google’s global privacy counsel, in a statement given to The Guardian. “Our new privacy policy demonstrates our long-standing commitment to protecting our users’ information and creating great products. We are confident that our privacy notices respect European law.”
Photo by bfishadow/Flickr