Google told to change its privacy policy, give users more control… or else

google privacy

google privacy

Google’s questionable new privacy policy is in the spotlight again, after an investigation ordered by European Union data collection authorities has asked the company to give users more control over their privacy and amend its tools to avoid collecting an excessive amount of their data. Plus one to that.

The French-based Commission Nationale de l’Informatique (CNIL), the organisation which conducted the study, released its findings today on the new consolidated privacy policy Google implemented in March. It said that it was not clear that Google respected core data collection principles and that the tech giant’s policy didn’t state any limits for the collection of its users’ data or say how the information would be used.

It also said that the unified privacy policy, which governs all Google products from Android to Gmail and +1 buttons, doesn’t clearly state which information is gathered from the user or exactly why it is stored in the first place. Users who click on +1 buttons or Google’s ads on third party websites are not given any information “at all” about the fact that their information is gathered and used by Google, the report said. The commission also suggested that Google hadn’t answered its questions sufficiently — it had to send them a second round of questions in May because Google gave “incomplete or approximate answers,” but it seems it still wants more detailed insight into exactly what Google gets up to with your data.

The organisation said that Google needs to have a legal basis to gather all this information, and the amount of data collected needs to be proportional to the purpose of its use. Users don’t know if their information is being used for service improvements, the development of new services or for advertising purposes.

The CNIL wants Google to:

  • Provide clearer and more comprehensive information about the data it collects, through a reworked privacy policy that makes the process more transparent, informing users about how their data is used through interactive presentations.
  • Give users control over how their data is combined from different services. For example, how they combine your viewing data from YouTube with your search history, +1 button activity, etc.
  • Confirm that their users are aware of how their information is used and obtain their consent before combining data from different products.
  • Give users the option to opt-out of data collection and make it a simple process.

Google has between three and four months to implement the recommendations or face legal action. Speaking to the BBC, Google’s global privacy counsel Peter Fleischer said it is reviewing the report. “Our new privacy policy demonstrates our long-standing commitment to protecting our users’ information and creating great products,” he said. “We are confident that our privacy notices respect European law.”

Some parts of the report are bound to receive some ‘I told you so’s from the privacy advocates. For example, did you know that “the mere consultation of a website including a +1 button” (like this one… sorry) is recorded, and Google stores that information for up to 18 months? Some of the commission’s recommendations are also supported by authorities in Canada and the Asian-Pacific region, which means that Google could have more to worry about than just the European Union.



Sign up to our newsletter to get the latest in digital insights. sign up

Welcome to Memeburn

Sign up to our newsletter to get the latest in digital insights.