European Union data regulators are unhappy with Google’s current privacy policies, and are threatening the company with fines.
The Commission Nationale de l’Informatique (CNIL), France’s data protection authority, took the lead on an inquiry. On Tuesday, it claimed the policy broke European data protection law and published a list of recommendations it urged Google to adopt.
CNIL claimed Google did not provide satisfactory responses to questions about how it processes personal data, and urged Google to change the policy so users can have a clearer understanding of the data being collected about them and how it is is being used.
CNIL added that Google does not indicate how long the data will be stored. If you’re logged in to a Google account and merely visit a website which has the +1 button, your visit is recorded and that data retained for at least 18 months, with the possibility of that data being shared with other Google services. Data collected through advertising service DoubleClick is stored for two years, though that storage can be renewed.
The recommendations to Google included allowing users to give their express consent before data collected by one Google service is shared with another and give them better control over how data is combined by making it easier to opt-out of certain services.
In all, 29 regulators in Europe backed the recommendations, and Google has been threatened with fines or legal action if it does not comply within the next few months. Google insisted that it had not broken the law.
Photo by bfishadow/Flickr