The development is the latest chapter in the Google vs. EU privacy saga.
Doubts about combination of data across services
It all began in March 2012, when Google consolidated all its privacy policies into one uniform policy applicable across all Google services harvesting user data, including YouTube, Gmail, Google maps and Google+. Users cannot opt out of the policy.
In October 2012, CNIL announced that several months of investigation showed that Google’s policy allowed for the combination of “almost any data from any services for any purposes”, at the same time providing “insufficient information to its users on its personal data processing operations”.
“A Google service’s user is unable to determine which categories of personal data are processed for this service, and the exact purposes for which these data are processed,” added CNIL.
The findings confirmed the suspicion that the policy did not seem to be in line with EU legislation, and CNIL called on Google to modify its practices or else face litigation.
Repressive action by summer
Google, on the contrary, claims that it does respect European law, telling the BBC that the company has “engaged fully with the CNIL throughout this process, and [will] continue to do so going forward.”
For what it’s worth, European privacy watchdogs seem to be of a different opinion, stating that the EU data protection authorities are committed to act and continue their investigations, and that they will set up a working group, lead by the CNIL, in order to coordinate their repressive action which should take place before summer.
“We seem to be looking at a permanent conflict,” comments Aphaia’s Boštjan Makarovič.”Whereas EU data protection legislation is all about data subject consent, web giants are always trying to find new ways to combine and commercially exploit data, and these ways are unlikely to be covered by their previous policies, not to mention previous informed consent given by service users. The temptation just seems to be too big.”