European data watchdogs tell Google how to write a privacy policy
Posted by Unknown on Friday, September 26, 2014 | 0 comments
THE ARTICLE 29 DATA PROTECTION WORKING PARTY has written to Google CEO Larry Page and reminded him that it is about time for Google to sort out its privacy policy problem, and told him how to do it.
Google and European data protection watchdogs are like oil and water, but there have been moves towards more friendly relations.
The Article 29 letter keeps things friendly, but is rather compelling. "Dear Mr Page," it begins.
"At the beginning of 2012, EU data protection authorities launched an in-depth investigation to assess the compliance of Google's privacy policy with European Data Protection legislation. This process unveiled several issues with the privacy policy and the combination of data across services.
"Procedures were conducted in 2013 and 2014 in a number of EU Member States, some of which concluded that the current privacy policy did not meet the requirements laid down in the respective national laws."
The letter says that the Working Party wants to help and has already provided Google with a set of guidelines for improvement (PDF). It suggests that now is the time for Google to start working from it.
"In order to guide Google in this compliance effort, [we] developed guidelines containing a common list of measures that your company could implement. A draft version was presented to representatives of Google on 2 July 2014, at a meeting in Paris in presence of five European Data protection authorities," it said.
"The guidelines have been elaborated in the context of this specific coordinated EU investigation into Google's privacy policy. The Article 29 Working Party may also consider issuing guidance on specific issues to the entire industry, at a later stage. The Article 29 Working Party remains open to discuss any other measures that Google would propose to address the legal requirements."
The list of guidelines (PDF) comes in an appendix and it recommends that Google create easy to access and easy to understand privacy information. This should be clearly visible across all of Google's services, it added, and should be based on correct information.
The issue dates back to 2012 and a time when Google forced all users to accept one privacy policy across all of its services. European regulators baulked at this, and in France Google was fined a shoulder shrugging €150,000 for its effort.
Google has not commented on the latest missive.
