We reported back in May that French data privacy regulator CNIL was examining Google's new privacy policy which consolidated 60 separate privacy policies into one single agreement.
CNIL's conclusions were presented on Tuesday this week to a press conference in Paris where CNIL's president Isabelle Falque-Pierrotin said the company had "three or four months" to make the revisions, otherwise "authorities in several countries can take action against Google".
In a letter to Google which was made public before the press conference Google has been told it should give clearer information about what data is being collected and for what purpose. It has also been told to give users more control over how information is combined.
CNIL has highlighted the following issues which need to be addressed:
- Google must "reinforce users' consent"
- Offer a centralised opt-out tool and allow users to decide which of Google's services provided data about them
- Google should adapt its own tools so that it could limit data use to authorised purposes
Google has been warned that if it does not take appropriate action CNIL would "enter a phase of litigation".
Google on the other hand have said that they are confident that their privacy notices "respect European law" and they are reviewing CNIL's findings.
It is encouraging to see that regulators are live to and taking privacy issues seriously. However the Google privacy policy is a classic example of balancing considerations of protection of rights and innovation. Larry Page Google's Chief Executive has said that without the current policy recent Google products would not be possible including for example the new Android app called "Google Now". It will be interesting to see what Google make of CNIL's conclusions and whether the required changes are made with or without the threatened litigation.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
