EU regulators fire warning shots across Google's bow on data privacy

EU vs Google: the data privacy battle continues...

EU vs Google: the data privacy battle continues...
EU vs Google: the data privacy battle continues...

Google appears to be skating on thin ice once again with EU regulators, after it apparently failed to act on a draft privacy specification presented at an early July meeting between the search engine giant and no less than five European data protection authorities   

According to a published letter from Isabelle Falque-Pierrotin, the chair of the EU's Article 29 data protection working party, at the 2 July meeting, Google was presented with a draft specification on data privacy.

In this week's letter
, however, Falque-Pierrotin says that Google must meet its obligations with respect to the European and national data protection legal frameworks and now has to determine the means to achieve these legal requirements.

"In order to guide Google in this compliance effort, the Article 29 Working Party [an EU umbrella data privacy organisation] has developed guidelines containing a common list of measures that your company could implement. A draft version was presented to representatives of Google on 2 July 2014, at a meeting in Paris in the presence of five European Data protection authorities," said the 23 September letter.

"The guidelines have been elaborated in the context of this specific coordinated EU investigation into Google's privacy policy. The Article 29 Working Party may also consider issuing guidance on specific issues to the entire industry, at a later stage," it added.

Whilst Working Party 29 cannot sanction Google directly, its members have imposed financial penalties in several cases following Google's 2012 changes to its privacy policy, which various national privacy regulators found to be in breach of EU rules.

The EU working party is now looking to Google to update its privacy policy so that it features clear, unambiguous and comprehensive information regarding data processing, including a list of the types of personal data processed.

According to the Reuters newswire, data regulators in six European countries - Italy, France, Spain, Germany, Britain and the Netherlands - have already opened investigations into Google after it consolidated its 60 privacy policies into one and started combining data collected on individual users across its services, including YouTube, Gmail and Google Maps.

The problem with this new policy, says the newswire, is that it gives users no means to opt out of the programme.

The opt-out issue was also picked up by Nigel Stanley, practice director for cyber security, risk and compliance with OpenSky, who told SCMagazineUK.com that there really needs to be this facility for those Internet users that are concerned about their own data being collated by Google.

Page 1 of 2