The Inquirer-Home

French data protection watchdog slams Google over privacy failings

Google needs to shed light on how personal data is used
Tue Oct 16 2012, 10:36

THE FRENCH DATA PROTECTION AUTHORITY CNIL has delivered its findings on Google and its most recent privacy policy, and the results should make uncomfortable reading for the internet giant.

The CNIL said that the policy is too wide, and that Google has not cooperated with it in resolving these issues.

It has asked Google to publicly commit to the rules of data protection, and told it to give users more control over their data and make it easy for them to opt out of any changes that it might bring about.

The CNIL said that it was not clear whether Google actually respects "key data protection principles," adding that it, and other European data protection authorities, want it to publicly commit to things like "data quality, data minimisation, proportionality and right to object".

As an example, it said that the privacy policy makes no distinction between how Google processes something like a search query and a credit card number. The CNIL and its peers have asked Google to be clearer about what data it collects, and why it collects it.

It said that Google should provide comprehensive information on this, and offer three levels of detail that users could apply, or refer to, depending on the level at which they engage with its services. "The ergonomics of the Policy could also be improved with interactive presentations," it added.

Currently, the Google collection picture is bleak. The firm collects too much information, said the CNIL, and combines it in very broad ways.

"The European DPAs note that this combination pursues different purposes such as the provision of a service requested by the user, product development, security, advertising, the creation of the Google account or academic research," it said in its statement.

"The investigation also showed that the combination of data is extremely broad in terms of scope and age of the data."

Google has been told to change its practices when collecting and combining data and to make sure that it has its users' consent before it does any such thing. It should, said the CNIL, give users the chance to consent to, or refuse, such combinations.

The CNIL said that it had the agreement of 27 other European data watchdogs.

Google and the CNIL had apparently been working closely on resolving their differences, but still failed to meet an accord.

Following earlier criticisms, Google told us in May that it had requested a sit down and discussion with the French government watchdog.

"We asked for a meeting with the CNIL," said a spokesperson. "Having a meeting with them gives us a chance to put things into context and explain the broader actions we are taking to protect our users' privacy."

The CNIL criticisms followed Google's decision to create a single privacy policy that covered users across all of its services. When the policy launched, the CNIL called it unlawful and wrote to Larry Page with its concerns.

"Our preliminary analysis shows that Google's new policy does not meet requirements of the European Directive on Data Protection, especially regarding the information provided to data subjects," said Isabelle Falque-Pierrotin from the CNIL.

"The CNIL and the EU data protection authorities are deeply concerned about the combination of personal data across services: they have strong doubts about the lawfulness and fairness of such proceedings."

 
