Europe's watchdogs give Google a shopping list of how to sort out privacy

The Article 29 Working Party has given Google a bunch of recommendations on how to brings its unified privacy policy into line with European law.

After a series of clashes with Google , Europe's data privacy watchdogs have drawn up a list of measures they'd like to see the search giant implement.

Back in 2012, Google merged all of the privacy policies for its individual services into a single, unified policy. That decision proved unpopular with Europe's regulators , which found it to be against European law. France's data protection watchdog CNIL subsequently  fined the company €150,000 , while six other countries' regulators have started legal proceedings against the company over the matter.

On Thursday, the Article 29 Working Party – an organisation made up of Europe's local data watchdogs and known as WP29 – published a series of recommendations that it believes would bring Google back on the right side of the law.

Many of the recommendations demand Google make its policies more clear to the average user, providing an "exhaustive list" of which data will be gathered and how it will be used, which companies apart from Google can make exploit it, and making sure that the privacy policy can be reached with a single click from any Google service landing page.

The WP29 also recommends that privacy policies should be made available for all Google devices, including those from its smart home business Nest. Given Nest devices don't have typical Google UIs, the policies should be shown when the devices are first configured on, for example, a user's PC.

Data watchdogs also want to see Google do better at helping users decide how their data should and shouldn't be used. "Google must provide users with more elaborate tools to manage their personal data," it said, including allowing users to configure settings individual for each Google services they use.

The body also suggests that Google provide details of its anonymisation practices and data retention policies.

"The recommendations are provided for illustrative purposes only and may not be the only means by which Google could achieve compliance. They should be regarded as potential solutions in order to give practical suggestions as to how the requirements could be fulfilled. They do not pre-empt enforcement actions by national authorities based on national law," the WP29 said.

The full set of recommendations can be found here (PDF). Google declined to comment on this story.

Read more on this story

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All