Sunday

24th Jul 2016

Google privacy policy breaks law, EU data chiefs say

  • EU data protection chiefs say Google's privacy settings break law. (Photo: Jonathas Rodrigues)

Search-engine Google has been ordered to re-write its data collection rules after EU regulators found that they were in breach of EU data protection laws.

A letter to Google CEO Larry Page signed by 24 of the EU's 27 national data protection regulators said that the software-giant had "not demonstrated that your company endorses the key data protection principles of purpose limitation, data quality, data minimisation, proportionality and right to object."

Dear EUobserver reader

Subscribe now for unrestricted access to EUobserver.

Sign up for 30 days' free trial, no obligation. Full subscription only 15 € / month or 150 € / year.

  1. Unlimited access on desktop and mobile
  2. All premium articles, analysis, commentary and investigations
  3. EUobserver archives

EUobserver is the only independent news media covering EU affairs in Brussels and all 28 member states.

♡ We value your support.

If you already have an account click here to login.

The regulators, who collectively make up the Article 29 working party on data protection, also spelt out a 12-point plan for Google to comply with EU law on data protection and retention as well as the e-privacy directive.

These include requirements to get explicit consent from users to use and combine their data and create a simple opt-out mechanism for users. Google should also publish how it uses and processes personal data. However, they have steered clear of accusing the software-giant of intentionally breaking the law and of possible fines or other sanctions.

The report concludes a long-running investigation into Google's practices led by French data regulator CNIL starting in March over the ways that Google collects personal data.

Google changed its data collection practices in March after warning customers using its Gmail and Google+ network of the change. It had claimed that the new Privacy Policy, which allows the company to collect and combine data from any of its services, enabled it to improve the accuracy of its search results and targeted adverts and was not in breach of European law.

Following the announcement, Auke Haagsma, director of ICOMP, a group of software companies including Microsoft that campaigns against Google's dominant market status, told this website that the "unprecedented action by close to 30 privacy enforcement agencies all over Europe shows the severity of Google’s violations.”

“Google wants us to believe that enforcing the privacy laws will end the Internet as we know it, but the opposite is true. It is only if users’ trust that their personal data will not be collected and used against their wishes, that they feel confident enough to use all the important possibilities that the internet offers,” he said.

MEPs also lined up to launch broadsides against Google with MEPs Angelika Niebler and Philippe Juvin, who chair the centre-right EPP's working group on Internet policy, commenting that "Google must change its standards and raise them."

For his part, Belgian centre-left MEP Marc Tarabella, said that it was "unacceptable that European consumers are not clearly aware of what Google does with data inputted by them in good faith into the search engine."

Monique Goyens, director general of the European Consumer Organisation (BEUC), said that the investigation confirmed "our concerns that Google's privacy policy sits on the wrong side of EU data protection rules".

Google said it needs time to come with full response.

"We have received the report and are reviewing it now," said Peter Fleischer, Google's global privacy counsel.

"Our new privacy policy demonstrates our long-standing commitment to protecting our users' information and creating great products. We are confident that our privacy notices respect European law."

The ruling comes as the European Parliament prepares to enter negotiations on plans to overhaul EU data protection rules.

The reforms published by the European Commission in January include steps to increase people's control over their personal data, giving them the right to remove their data from company lists. It also tightens the rules on how companies can use data.

Investigation

ECB in ‘bail-out’ of scandal-tainted VW

The ECB has started to “bail out” Germany’s Volkswagen Group by buying its corporate bonds, but other EU-linked banks continue to shun the scandal-tainted firm.

Stakeholders' Highlights

  1. Belgrade Security ForumMigration, Security and Solidarity within Global Disorder: Academic Event Agenda for 2016
  2. GoogleHow Google Fights Piracy: Creating Value While Fighting Piracy
  3. EJC"My Visit to Israel" - Opinion by MEP Lopez Aguilar, Chair of the EP Working Group on Antisemitism
  4. World VisionChildren Migrating, Out of School and at Work as Hunger Deepens in Southern Africa
  5. European Healthy Lifestyle AllianceStand-Up (and Exercise) to Prevent Chronic Diseases
  6. Centre Maurits CoppietersLaunches a Real-time News Hub Specialised in EU Stakeholders
  7. Dialogue PlatformFethullah Gulen Calls for International Probe Into Turkey Coup Allegations
  8. GoogleEU-US Privacy Shield: Restoring Faith in Data Flows and Transatlantic Relations
  9. World VisionWorld Leaders & Youth Advocates Launch Partnership to End Violence Vs. Children
  10. Counter BalanceReport: Institutionalised Corruption in Romania's Third Largest Company
  11. Access NowEuropol Supports Encryption. We Can Relax Now… Right?
  12. GoogleLearn about Google's projects across Europe on Twitter @GoogleBrussels

Latest News

  1. Munich attack might not have been terrorism
  2. A very British (and Corbynite) coup
  3. Poland 'changing for the worse' for Muslims and refugees
  4. EU aims to lift visas on Turks despite purge
  5. ECB in ‘bail-out’ of scandal-tainted VW
  6. EU failed to learn lesson from Brexit, Poland says
  7. UK accord on EU workers 'crucial', France says
  8. EU and US take different lines on Turkey crackdown