As expected, a group of European data privacy advocates have asked for search giant Google to clarify what and how much information the company extracts from its customers.
In a letter to Google’s CEO Larry Page today (.PDF), the National Commission for Computing and Civil Liberties, or CNIL, argues that Google’s recent privacy policy overhaul fails to make it clear what user information is being collected by the company and hints that its actions may not be entirely in line with European law.
The watchdog consortium, which represents data regulators from all of the EU’s 27 countries, announced the claims this morning at a news conference in Paris, the headquarters of CNIL.
The letter, authored by CNIL’s Chairwoman Isabelle Falque-Pierrotin and signed by representatives from more than 20 other EU nations, calls on Google to indicate “how and within what timeframe” it will update its privacy policy.
If the company fails to address the complaints, it could be hit with fines or legal action, according to a report from the New York Times earlier today. The Times discussed the issue with Jacob Kohnstamm, the head of the Dutch Data Protection Authority, who hinted regulators would likely take legal action if Google failed to reshape their policy.
“After all, enforcement is the name of the game,” Mr. Kohnstamm told the paper.
Falque-Pierrotin echoes those sentiments, claiming fines could also be imposed.
In what was seen by privacy advocates as a dramatic move earlier this year, Google announced in January that in March it would synthesize 60+ privacy policies into one and treat its users as a single entity across all of its platforms (YouTube, Blogger, Google+, etc.).
The EU was skeptical from the get go, asking Google to delay the policy changes before repeatedly pressing the company into revealing more information about its data acquisition techniques. While Google responded to questionnaires sent by CNIL, the commission claims Google failed to adequately outline its intent and acknowledge “key data protection principles,” according to a press release today.
Europe is mostly taking issue with the fact that Google combines data from users across all services without their explicit consent and doesn’t set limits on how long it retains certain data.
The letter goes on to outline 12 things Google should do to clarify the purpose and combination of data, including simplifying opt-out mechanisms, limiting the combination of data for passive users and implement an article from the European ePrivacy Directive.
According to an official statement from Google’s Global Privacy Counsel Peter Fleischer, the company is reviewing the report but insists, “Our new privacy policy demonstrates our long-standing commitment to protecting our users’ information and creating great products. We are confident that our privacy notices respect European law,” Fleischer claimed Tuesday.