European data protection authorities: Google violates privacy rules

By EDRi · February 29, 2012

This article is also available in:
Deutsch: [WP 29: Google verstößt gegen den Datenschutz|]

A few days in advance of Google’s revision of its privacy policies,
European data protection authorities (DPAs) find that Google’s new
privacy policy would infringe European data protection rules. The lead
DPA, the French CNIL, points out that the policy is too vague and raised
concerns about the combination of data collected via different services.
It requested Google to suspend the roll-out of the new policy until CNIL
has completed its analysis. Google dismissed the concerns and noted that
it would implement the policy on 1 March 2012.

The letter is part of an investigation by the Article 29 Working Party
into Google’s new privacy policy. The Working Party raises two concerns
in its preliminary analysis. Firstly, it is impossible for average users
who read the new policy to discern how parts of the policy apply to the
use of a particular Google service. Secondly, the Working Party has
strong doubts about the lawfulness and fairness of the combination of
personal data across services. The Working Party will fully address this
question in the following weeks.

Letter of CNIL to Google (27.02.2012)

Letter of Google to CNIL (28.02.2012)

(contribution by Ot van Daalen – EDRi-member Bits of Freedom Netherlands)