Google Privacy Policy Rethink Demanded By EU

Google is to be told by the EU to change the way it gathers personal information if it is to avoid “high risks to the privacy of users”.

Twelve recommendations were outlined in a letter signed by 24 of the EU’s 27 data regulators, Reuters reported.

It follows a nine-month investigation into the company’s data collection practices.

Since March, Google has combined data from sites like YouTube and Gmail to better target its advertising.

It meant 60 individual privacy policies for individual Google-owned sites were merged into a single policy for all of its services.

Reuters quoted the letter ahead of the EU’s official announcement, which will take place on Tuesday.

Google has maintained the policy complies with EU law.

But regulators immediately raised concerns about the changes when they were implemented earlier this year.

The French data regulator, CNIL, was tasked by the EU to investigate the policy on behalf of the other countries in the EU.

Location data

The investigations were overseen by the Article 29 Working Party, a group of representatives from each member state tasked with promoting the application of the EU’s Data Protection Directive.

It stopped short of declaring Google’s data gathering practices illegal, but made clear 12 measures the company must put in place to satisfy the concerns.

“Combining personal data on such a large scale creates high risks to the privacy of users,” the letter is understood to say.

“Therefore, Google should modify its practices when combining data across services for these purposes.”

Those recommendations are said to include a focus on personal information and browsing records, as well as the collection of location-based data and credit card details.

On Monday, a source at Google told the BBC that the company would look closely at the recommendations, but noted that the findings were not as serious as some industry watchers had predicted.

BBC