The 27 heads of European data agencies complained that Google’s failed to respond adequately to charges that Google’s new Privacy Policy effective on March 1, 2012 violated the EU privacy laws which are referred to as the 1995 Data Directive  –“Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.“

The October 16, 2012 letter from the Article 29 Data Protection Working Party included this statement about the Google’s response to the EU’s inquiry:

Google’s answers have not demonstrated that your company endorses the key data protection principles of purpose limitation, data quality, data minimization, proportionality and right to object. Indeed, the Privacy policy suggests the absence of any limit concerning the scope of the collection and the potential uses of the personal data.

The letter included these three legal issues:

  • Firstly, the investigation showed that Google provides insufficient information to its users (including passive users), especially on the purposes and the categories of data being processed.
  • Secondly, the investigation confirmed our concerns about the combination of data across services.
  • Finally, Google failed to provide retention periods for the personal data it processes.

In September 2012 Netmarketshare reported that Google accounts for about 85% of all searches world wide the impact of potential fines for privacy violations by the EU based on its revenue may be significant. In addition to possible fines Google may be subject to criminal charges for violating EU privacy laws.

What do you think about Google’s position regarding its new privacy policies?