Google’s new privacy policy appears to violate the European Union’s data protection rules, France’s regulator said today, just two days before the new guidelines are set to come into force.
Google announced its new privacy policy with much fanfare last month. The rules, which are set to come into force on Thursday, regulate how the Web giant uses the enormous amount of personal data it collects through its search engine, email and other services.
However, the EU’s data protection authorities are concerned about the privacy effects of the policy and earlier this month asked French regulator CNIL to investigate them.
“Our preliminary analysis shows that Google’s new policy does not meet the requirements of the European Directive on Data Protection,” CNIL said in a letter to Google Chief Executive, Mr Larry Page. The letter was sent Monday and posted on CNIL’s Web site Tuesday.
The agency said Google’s explanation of how it will use the data was too vague and difficult to understand “even for trained privacy professionals”.
The new policy makes it easier for Google to combine the data of one person using different services such as the search engine, YouTube or Gmail if he is logged into his Google account.
That allows Google to create a broader profile of that user and target advertising based on that person’s interests and search history more accurately. Advertising is the main way Google makes its money.
However, CNIL said data protection authorities in the EU “are deeply concerned about the combination of personal data across services,” adding they had “strong doubts about the lawfulness and fairness of such processing.”
Ms Vivian Reding, EU’s Justice Commissioner who oversees the bloc’s data protection rules, said she welcomed CNIL’s letter and called on Google to delay its new policy.
Google argues that combining the data into one profile makes search results more relevant and allows a user to cross-navigate between different services more easily.
It says the main purpose of the new policy is to combine the more than 70 different rules for Google’s wide-ranging services into one that is simpler and more readable.
“We are confident that our new simple, clear and transparent privacy policy respects all European data protection laws and principles,” Mr Peter Fleischer, Google’s global privacy counsel, wrote in response to CNIL’s original letter, adding that users had more than a month to get familiar with the new rules.