Google’s new privacy policy criticised by national DPAs in the EU

Isabelle Falque-Pierrotin, President of France's Data Protection Authority, the CNIL, on behalf of the EU's Article 29 Data Protection Working Party, says that Google’s new privacy policy does not meet the requirements of the EU Data Protection Directive, especially with regard to information provided to data subjects.

“Google’s online services are numerous and differ greatly both with regard to purposes and types of data they process. The new privacy policy provides only general information about all the services and types of personal data Google processes. As a consequence, it is impossible for average users who read the new policy to distinguish which purposes, collected data, recipients or access rights are currently relevant to their use of a particular Google service”, the CNIL said in a letter to Google's Chief Executive Officer, Larry Page, dated 27 February.

The CNIL says that while this has been just its initial analysis, it will now send Google a questionnaire to better understand how the new policy works. It also asks Google to pause implementation until a full analysis has been conducted.

Google’s new privacy policy is due to take effect on 1 March. Earlier this month, the Electronic Privacy Information Center (EPIC) took the issue to court in the US claiming that Google violated a previous settlement with the US Federal Trade Commission (FTC). However, a District Judge said that enforcing the FTC Consent Order is not subject to judicial review.

See the letter from CNIL.