Google isn’t cleaning up its act fast enough for decision makers in the European Union.
Representatives for the online giant have been summoned to appear before data protection officials from 30 European countries to explain why the company has failed to take “any precise measures” to change its privacy policy since October of last year. The policy in question was found to be in violation of European law due to its storage of cookies and data about sites visited by users without their consent.
“In October 2012, the Article 29 Working Party highlighted deficiencies in Google’s privacy policy and gave some recommendations to Google on how to address these,” a statement released on Thursday and signed by 30 data protection officials reads. “To date, considering that Google has not taken any precise measures in response to those recommendations, the requirements of Directive 95/46/EC are still not complied with.” At the time of the October decision, Google was given four months to put new piracy measures into place that would be in line with European legal guidelines.
“DPAs [data protection authorities] will continue their investigations in close cooperation and take all necessary actions according to their competences and powers,” the statement continues. “Significant progress on these actions will be made before summer. A taskforce led by the French DPA (CNIL) will help to coordinate these actions.”
For its part, Google maintains that it has, in fact, complied with the European data chiefs’ requests with changes that it put into place of January this year. “Our privacy policy respects European law and allows us to create simpler, more effective services,” a Google spokesperson said in a statement to press following the release of the Data Protection Authorities’ summons. “We have engaged fully with the CNIL throughout this process, and we’ll continue to do so going forward.”
The concern of the European authorities seems to center around changes Google made to its privacy policy a year ago in an effort to “streamline” its many services, unifying data collection across YouTube, Gmail, and so on. At the time of the initial October verdict, the CNIL reported that Google “did not provide satisfactory answers on key issues such as the description of its personal data processing operations, or the precise list of the 60+ product-specific privacy policies that have been merged in the new policy,” adding that the company “provides insufficient information to its users on its personal data processing operations.” In return, the CNIL claims Google allowed “uncontrolled” combination of personal user data across its different services.
Between the stated summer deadline and Google’s belief that it has already fulfilled its legal requirements in this matter, it looks like the stage is set for another showdown between the two parties later this year.
