The combined policy means that user data is shared and linked across more than 60 of Google’s services including Google Mail and YouTube. Google went ahead with the change in spite of the fact it was urged to hold off by the EU.
French watchdog, the CNIL, commended Google’s efforts to inform customers about the situation but said it doesn’t meet EU data requirements.
A letter from the CNIL to Google’s CEO, Larry Page said, “Our preliminary analysis shows that Google's new policy does not meet the requirements of the European Directive on Data Protection (95/46/CE), especially regarding the information provided to data subjects.”
It said that its “impossible” for an average user to figure out the ins and outs of the policy such as what data is collected and how it is used. Part of the problem, it claims, is that Google’s numerous services differ greatly in both purpose and types of data processed. It wants Google to add the existing information with service and purpose specific details.
“The new policy doesn’t change any existing privacy settings or how any personal information is shared outside of Google. We aren’t collecting any new or additional information about users. We won’t be selling your personal data. And we will continue to employ industry-leading security to keep your information safe.”
The firm said that sharing data across its services will improve the overall experience with things like personalised search recommendations. Users are now forced into the policy change unless they simply stop using Google’s services and delete accounts.
“The CNIL and EU data authorities are deeply concerned about the combination of personal data across services: They have strong doubts about the lawfulness and fairness of such processing, and its compliance with European data protection legislation.” The letter added.
The CNIL said it will fully address the situation in the coming weeks and will send a questionnaire to Google about its data processing activities before mid-March.