European officials tell Google to clarify policy

Regulators want better explainer on user privacy

PARIS — What does Google know about its users and how does it know it? European privacy regulators on Tuesday warned the company to clarify those issues — or risk fines or other penalties by early next year.

In a letter to Larry Page, chief executive of Google, 27 European data-protection agencies asked the company to modify its global privacy policy that governs dozens of Google online services so that users have a clearer understanding of what personal ­data is being collected and can better control how that information is shared with advertisers.

Google collects personal ­data, like the sex and age of ­users and their Web browsing histories, in order to tailor its services to individual users and also to sell ads.


When Google introduced the privacy policy last winter, it described it as a way to streamline its use of personal data across a range of services that were each previously covered by separate privacy guidelines.

Get Talking Points in your inbox:
An afternoon recap of the day’s most important business news, delivered weekdays.
Thank you for signing up! Sign up for more newsletters here

In keeping with European privacy law, Google said it was collecting the data only if users ‘‘opted in.’’ But opting in essentially became a requirement of using each of the services after the new policy went into effect.

European privacy regulators had expressed concern last winter about the new procedures and had asked Google to delay implementing them. After the company declined, the European Commission asked France’s privacy agency to take the lead on a legal ­analysis, which resulted in the warning to Page Tuesday.

The privacy regulators said Google provided users with incomplete disclosure about its processing and storage of the data, as well as insufficient control over how information from different Google services is blended to build detailed personal profiles.

Google also makes it too cumbersome for users to block the collection of these data, the regulators said.


“The new privacy policy ­allows an unprecedented combination of data across different Google services,’’ Isabelle Falque-Pierrotin, chairwoman of the French data-protection authority, said at a news conference in Paris. ‘‘We are not opposed to this, in principle, but the data could be employed in ways that the user is not aware of.’’

Falque-Pierrotin, whose agency, called CNIL, conducted an investigation of the policy change on behalf of the other EU data-protection authorities, said she would give Google ‘‘three to four months’’ to make changes.

Google said it was reviewing the letter and an accompanying report from the data-protection authorities, but added that it was confident the new policy respected EU law.