This article is also available in:
Deutsch: WP 29: Google verstößt gegen den Datenschutz
A few days in advance of Google's revision of its privacy policies, European data protection authorities (DPAs) find that Google's new privacy policy would infringe European data protection rules. The lead DPA, the French CNIL, points out that the policy is too vague and raised concerns about the combination of data collected via different services. It requested Google to suspend the roll-out of the new policy until CNIL has completed its analysis. Google dismissed the concerns and noted that it would implement the policy on 1 March 2012.
The letter is part of an investigation by the Article 29 Working Party into Google's new privacy policy. The Working Party raises two concerns in its preliminary analysis. Firstly, it is impossible for average users who read the new policy to discern how parts of the policy apply to the use of a particular Google service. Secondly, the Working Party has strong doubts about the lawfulness and fairness of the combination of personal data across services. The Working Party will fully address this question in the following weeks.
Letter of CNIL to Google (27.02.2012)
http://www.cnil.fr/fileadmin/documents/en/Courrier_Google_CE121115_27-...
Letter of Google to CNIL (28.02.2012)
https://docs.google.com/file/d/0Bw8Krj_Q8UaEczVuWGEwWFhTSkdZZ0MyU0NQRG...
(contribution by Ot van Daalen - EDRi-member Bits of Freedom Netherlands)