Google’s decision to consolidate more than 60 different privacy policies into a single workable policy to better target advertising and serve users has raised the ire of 24 of Europe’s 27 data protection regulators who have urged it to rethink its business model.
The 24 regulators have made 12 recommendations in a letter ahead of an official EU announcement today on the matter.
A letter sent to Google by the regulators warns that combining data on such a vast scale after combining 60 different policies creates significant risks to the privacy of users.
It stopped short of declaring Google’s new policy illegal but has recommended clearer information for users, improved control over the combination of data across Google’s numerous services, which include YouTube and Gmail, and that Google modifies the tools it uses to avoid an excessive collection of data.
EU wants some satisfaction
"In particular, Google did not provide satisfactory answers on key issues such as the description of its personal data processing operations or the precise list of the 60+ product-specific privacy policies that have been merged in the new policy.
“The analysis of Google’s answers and the examination of numerous documents and technical mechanisms by the CNIL’s experts have led EU data-protection authorities to draw their conclusions and make recommendations to Google.
“The EU data-protection authorities challenge Google to commit publicly to these principles,” CNIL said.
Google’s global privacy counsel Peter Fleischer commented: “We have received the report and are reviewing it now.