EU regulators find legal problems in Google privacy policy

European data and privacy regulators have discovered flaws in the revised and consolidated Google privacy policy, months after launching an investigation into the search giant's privacy rules.
Written by Zack Whittaker, Contributor

European privacy regulators have found flaws in Google's revised privacy policy, which may breach EU data protection laws.

A majority of the European data and privacy regulators have signed and sent a joint letter to the California-based search giant asking the firm to make changes to its revised policy, wire agency Reuters reported today.

24 of the 27 member states' data protection regulators signed the letter, with the exception of Greece, Romania and Lithuania.

The regulators have asked Google to explain the firm's intentions and detail methods for sharing user data across its services. The letter also said that Google must seek "explicit consent" when combining users' data together.

"Combining personal data on such a large scale creates high risks to the privacy of users," adding: "Internet companies should not develop privacy notices that are too complex, law oriented or excessively long."

European data and privacy watchdog the Article 29 Working Party asked the search giant to put the new privacy policy, which first went live on March 1, on ice until it could be determined if the new policy infringed or breached European data protection laws.

The move allowed the search company to easily tie users' data from one service to another, allowing an enhanced experience for the end user, Google claims, while at the same time allowing for more targeted advertising suited for the user. 

However, critics claim the new "data-sharing policy" allows Google to build up a more specific and accurate picture of its users. While the data remains anonymous to the likes of advertisers, privacy groups have warned that the collection of data makes it far easier to pinpoint who the user is.

While Google Apps customers -- including Government, Education, or Business users -- would be "unaffected" by the changes, hundreds of millions of consumers may be affected by the change if deemed to fall foul of EU law.

Google Wallet and Google Chrome have separate policies governing the user's data use, and are not affected by the merging of Google's other policies.

It comes as The Guardian first reported that the European Commission will decide on Tuesday whether or not the search giant has breached European law as per its consolidation of privacy policies earlier this year.

The search giant may be fined a mere few hundred thousand euros, but could also be forced by Europe to roll back the changes. A lawyer speaking to the London-based newspaper earlier this year said it would be like trying to "unscramble the egg."

The French data protection agency, the Commission Nationale de l'Informatique (CNIL), charged with investigating the new privacy policy, was due to give its verdict in September, but delays held back the decision.

The CNIL is expected to release its findings on Tuesday.

Editorial standards