Europe is now trying to tell Google how best to handle the privacy of its users.
For years, the search giant has been tussling with European privacy regulators over how it collects and stores the data of its users. In 2012, Google got into trouble after it said it planned to revamp its privacy policies to “combine personal information” across its multiple products and services. The company justified the change by saying it would consolidate its 60 different privacy policies into one single policy that would be simpler.
European regulators didn’t see it that way and wanted Google to change its new policy. In 2013, France’s privacy watchdog, the Commission Nationale de l’Informatique et des Libertes (CNIL), said that six different countries — France, Germany, Italy, the Netherlands, Spain and the UK — would launch investigations into Google over its non-compliance with European privacy regulations.
This week, European regulators took the next step by sending Google a list of guidelines telling it exactly how to comply with local laws, Reuters reported. Issued this past Tuesday by European data protection authorities, known as the Article 29 Working Party, the 6-page guideline document spells out a series of requirements that Google could and should follow to stay out of further trouble.
European regulators also suggest that Google make it easy for users to manage their personal data with a new dashboard that would include all of the company’s services. Users would then be able to control the privacy settings for each service, though “privacy-friendly” default settings could also be in place.
Consent to allow your personal data to be used would also have to be clearly laid out as per the following recommendation:
Finally, Google should clearly explain its data retention policy for all data gathered about its users.
“Retention policies should be sent to European DPAs (data protection authorities); the retention period for each type of data should be justified and should be specific to each purpose and legal basis,” the guidelines stated.
The ball is now in Google’s court to respond to these guidelines and try to continue further discussions with European regulators. In its letter to Google, the Article 29 Working Party said it “remains open to discuss any other measures that Google would propose to address the legal requirements.”