EU demands rethink of Google’s “high risk” privacy policy

Google is to be told by the EU to modify the way it gathers personal information after making drastic changes to its privacy policy


Google changed its privacy policy in March by combining data from sites such as YouTube, Google, and Gmail in order to better tailor its advertising towards users.

The result was 60 privacy policies for Google-owned sites were merged into one single policy for all of its services.

A letter signed by 24 of the EU’s 27 data regulators outlines 12 changes to the privacy policy that Google must make.

The letter, which has not yet been signed by data regulators from Greece, Romania, or Lithuania, says: “Combining personal data on such a large scale creates high risks to the privacy of users,”

“Therefore, Google should modify its practices when combining data across services for these purposes.”

The letter follows a nine month investigation by the French data commissioner, Commission Nationale de l’Informatique (CNIL), on behalf of the EU’s regulators.

Earlier in the year, Justice Commissioner Viviane Reding described the changes as a possible breach of EU law, because they did not give users a chance to opt out.