CNIL Findings “Recommend” Google Alter EU Privacy Policy

EU data protection agencies have said that Google’s new privacy policy is not in full compliance with European law, following its decision earlier this year to consolidate sixty separate policies into a single item.

Google made the move so that it could improve its targeted advertising strategy, by pooling available data from its full range of products, including Gmail, Search, Google+ and YouTube and using it to predict the kinds of ads most likely to appeal to its users.

When it did so, the French watchdog CNIL almost immediately announced it would be launching an inquiry into the move, to ascertain its legality. SiliconANGLE reported yesterday that CNIL had already come to the conclusion that Google was in breach of EU data protection laws, and now the firm has been ordered to make changes to its privacy policy.

Isabelle Falque-Pierrotin of CNIL told Google that it needed to provide clearer information about the kind of data it is collecting from its users, and it should better explain the purpose behind doing so. In addition, CNIL has ordered Google to allow users ‘control’ over how their personal data is

The scope of CNIL’s investigation into Google goes far beyond its home nation of France. The watchdog was acting on behalf of 27 countries in the EU, although the states of Greece, Lithuania and Romania refused to sign up for its findings. On the other hand, non-EU states Liechtenstein and Croatia have both agreed to ratify them, meaning that any changes Google makes would need to be effective in a total of 29 countries.

However, there is the chance that Google may decide not to make any changes and fight CNIL’s decision. Despite the French body’s recommendations, in no way does it explicitly order Google to change the ‘meat’ of its privacy policy – implying that the policy itself does actually comply with EU law, just that Google needs to explain things more clearly.

Google has been given “three-to-four months” to make the required changes as stipulated by CNIL; if it fails to do so, it could potentially face sanctions, although what these will be remains anyone’s guess.

Google is yet to react to CNIL’s findings.

About Mike Wheatley

Mike loves to talk about Big Data, the Internet of Things, Hacktivists and hacking, but he also hates Google and can never resist having a quick dig at them should the opportunity arise :) Got a REAL news story or tip? Email Mike@SiliconANGLE.com.