The organisation said that Google needs to have a legal basis to gather all this information, and the amount of data collected needs to be proportional to the purpose of its use. Users don’t know if their information is being used for service improvements, the development of new services or for advertising purposes.
The CNIL wants Google to:
- Give users control over how their data is combined from different services. For example, how they combine your viewing data from YouTube with your search history, +1 button activity, etc.
- Confirm that their users are aware of how their information is used and obtain their consent before combining data from different products.
- Give users the option to opt-out of data collection and make it a simple process.
Some parts of the report are bound to receive some ‘I told you so’s from the privacy advocates. For example, did you know that “the mere consultation of a website including a +1 button” (like this one… sorry) is recorded, and Google stores that information for up to 18 months? Some of the commission’s recommendations are also supported by authorities in Canada and the Asian-Pacific region, which means that Google could have more to worry about than just the European Union.