By Benjamin Fox
Search-engine Google has been ordered to re-write its data collection rules after EU regulators found that they were in breach of EU data protection laws.
A letter to Google CEO Larry Page signed by 24 of the EU's 27 national data protection regulators said that the software-giant had "not demonstrated that your company endorses the key data protection principles of purpose limitation, data quality, data minimisation, proportionality and right to object."
Dear EUobserver reader
Subscribe now for unrestricted access to EUobserver.
Sign up for 30 days' free trial, no obligation. Full subscription only 15 € / month or 150 € / year.
- Unlimited access on desktop and mobile
- All premium articles, analysis, commentary and investigations
- EUobserver archives
EUobserver is the only independent news media covering EU affairs in Brussels and all 28 member states.
♡ We value your support.
If you already have an account click here to login.
The regulators, who collectively make up the Article 29 working party on data protection, also spelt out a 12-point plan for Google to comply with EU law on data protection and retention as well as the e-privacy directive.
These include requirements to get explicit consent from users to use and combine their data and create a simple opt-out mechanism for users. Google should also publish how it uses and processes personal data. However, they have steered clear of accusing the software-giant of intentionally breaking the law and of possible fines or other sanctions.
The report concludes a long-running investigation into Google's practices led by French data regulator CNIL starting in March over the ways that Google collects personal data.
Following the announcement, Auke Haagsma, director of ICOMP, a group of software companies including Microsoft that campaigns against Google's dominant market status, told this website that the "unprecedented action by close to 30 privacy enforcement agencies all over Europe shows the severity of Google’s violations.”
“Google wants us to believe that enforcing the privacy laws will end the Internet as we know it, but the opposite is true. It is only if users’ trust that their personal data will not be collected and used against their wishes, that they feel confident enough to use all the important possibilities that the internet offers,” he said.
MEPs also lined up to launch broadsides against Google with MEPs Angelika Niebler and Philippe Juvin, who chair the centre-right EPP's working group on Internet policy, commenting that "Google must change its standards and raise them."
For his part, Belgian centre-left MEP Marc Tarabella, said that it was "unacceptable that European consumers are not clearly aware of what Google does with data inputted by them in good faith into the search engine."
Google said it needs time to come with full response.
"We have received the report and are reviewing it now," said Peter Fleischer, Google's global privacy counsel.
The ruling comes as the European Parliament prepares to enter negotiations on plans to overhaul EU data protection rules.
The reforms published by the European Commission in January include steps to increase people's control over their personal data, giving them the right to remove their data from company lists. It also tightens the rules on how companies can use data.