European Privacy Regulators Cite “Several Legal Issues” With Google’s Privacy Policy

Today , in an unprecedented move, 27 of Europe’s privacy enforcement agencies signed a letter to Larry Page demanding Google takes action over its treatment of personal data gathered from citizens across Europe, citing “several legal issues with the new privacy policy and the combination of data”.

The letter confirms what ICOMP and many others feared – that Google’s actions and responses to the enquiry Have not demonstrated that your company endorses the key data protection principles of purpose limitation, data quality, data minimization, proportionality and right to object . Indeed, the [Google] Privacy policy suggests the absence of any limit concerning the scope of the collection and the potential uses of the personal data.”

ICOMP believes the investigation has shone a light on Google’s business model which depends on amassing as much data on individuals as possible in order to support its advertising business.  The combination of Google’s dominance and scale, plus the co-mingling of data from numerous services without the express consent of the individuals involved presents a massive risk to personal privacy.  This has now been confirmed as contravening privacy regulations in Europe and likely many other jurisdictions.

Europe’s privacy regulators suggested a number of specific remedies that effectively require Google to unwind its ability to illegally combine data and to offer a truly informed choice to its users. While this strikes to the heart of Google’s desire to enrich its trove of personal data, ICOMP hopes that Google will engage quickly, openly and fully with these requirements and so come back into compliance in this crucial area.

Furthermore, ICOMP urges all 27 EU privacy enforcement agencies who signed the letter and other privacy enforcers around the world to ensure that personal data gathered and combined in this way since the new privacy policy was implemented in the face of their opposition, is deleted so as to present no further risk to the consumer. A comprehensive monitoring oversight regime should be established to not only ensure this is the case, but also to police Google’s compliance with the other remedies suggested in the letter.