EU data bodies tell Google to fix privacy rules

European data protection agencies said Google’s new privacy policy does not comply with EU laws and told the US Internet giant to fix it within months or face legal action. “Google has a few months, three or four months, to comply. If it takes no action, we will enter a phase of litigation,” said the head of France’s CNIL data agency, which took a lead role in a European probe into the company. Google rolled out the new privacy policy in March, allowing it to track users across various services to develop targeted advertising, despite sharp criticism from US and European consumer advocacy groups. It contends the move simplifies and unifies its policies across its various services such as Gmail, YouTube, Android mobile systems, social networks and Internet search. But critics argue that the policy, which offers no ability to opt out aside from refraining from signing into Google services, gives the operator of the world’s largest search engine unprecedented ability to monitor its users. Google is already facing privacy probes by authorities across the globe as it steps up its battle with the social network site Facebook for both users and advertisers. The CNIL led an investigation into the privacy policy by data agencies from European Union member states and on Tuesday presented its conclusions at a press conference in Paris. In a joint letter to Google made public ahead of the conference, the agencies wrote that the US firm “provides insufficient information to its users, especially on the purposes and the categories of data being processed. “As a result, a Google user is unable to determine which categories of data are processed in the service he uses, and for which purpose these data are processed,” it said. CNIL said in a statement that after requests for more information about Google’s new policy, the firm had given “several answers (that) were incomplete or approximate” and “did not provide satisfactory answers on key issues.” CNIL president Isabelle Falque-Pierrotin said that “we now demand adjustments” to the policy, failing which “authorities in several countries can take action against Google.” She added however that such action would be taken on a national and not an EU level. European states’ data agencies differ widely in their investigative and enforcement powers. Google, in response to CNIL’s statement, insisted it was complying with EU law. “Our new privacy policy shows our continued commitment to protecting our users’ data and creating quality products. We are confident that our privacy policies respect European law,” it said in a statement. The California-based firm says the changes are designed to improve the user experience across the various Google products, and give the firm a more integrated view of its users, an advantage enjoyed by Apple and Facebook. EU competition authorities are separately looking at whether the US firm used its search engine to boost its own services and disadvantage competitors by preferential rankings.