Google needs to improve its privacy practices
This article is also available in:
Deutsch: Google muss seine Datenschutzpraxis verbessern
On 16 October 2012, a letter signed by the 27 European Data Protection Authorities (DPAs) was sent to Google, asking for better privacy practices of the company, accusing Google of illegality and putting into question the viability of the company’s operations within the European legal environment.
One example given in CNIL’s findings is related to credit card information: "Confidentiality rules do not make difference in treatment between a trivial content search and the number of credit card or telephone user. All these data can be used interchangeably for all the purposes mentioned in rules."
The DPAs recommend that Google reinforces the users' consent to the combination of data for the purposes of service improvements, development of new services, advertising and analytics, by letting users choose when their data are combined. Google should have a legal basis to perform data combination of these purposes and data collection must also remain proportionate to the purposes pursued. For the present, for some of these purposes, the processing is not based on consent, Google's legitimate interests, or on the performance of a contract. Moreover, Google refused to provide retention periods for the personal data it processes.
Google was given three to four months to comply with the recommendations or face sanctions.
Letter from 27 European DPAs to Google (16.10.2012)
combination of data across services (16.10.2012)
And Users Need More Control (But Not Illegal) (16.10.2012)
Europe to Google: respect our laws or face the consequences (16.10.2012)