Google's privacy policies aren't sufficiently visible or plain enough to understand, say European Union privacy regulators who have given the search titan a manual filled with recommendations on how it should handle consumer data and related privacy issues.
The EU probed Google in 2012 to determine if the company's practices complied with European Data Protection Legislation and now the Article 29 Working Party (WP29) has given Google CEO Larry Page a compilation of recommendations it feels will help the search engine giant comply with regulations. Problems initially arose when Google announced plans to sync user data across multiple platforms
WP29 says a number of European countries were dissatisfied with Google's privacy policies after fielding independent probes into Google's revised plans on managing consumer data.
WP29 gave Google a draft of the recommendations this summer. Google says the company remains open to feedback and notes it has already been working with European regulators.
"We've worked with the different data protection authorities across Europe to explain our privacy policy changes," a Google spokesman said. "We're always open to their feedback and look forward to further discussing their suggestions in detail."
Of the many recommendations included in WP29's lesson plan is advice that Google be as clear as possible about its data retention policies.
"Google should define retention policies for all personal data processed by Google (collected, generated, produced) about active and passive users," WP29's recommendations stated. "Retention policies should be sent ot European DPAs; the retention period for each type of data should be justified an should be specific to each purpose and legal basis."
WP29 also called for increased clarity in the language of Google's privacy polices. It laid out several characteristics it believes Google's privacy policy should include.
"[We recommend] the privacy policy is structured so as to provide clear, unambiguous and comprehensive information regarding the data processing. It provides an exhaustive list of the types of personal data processed by Google," stated WP29.
WP29 also asked Google to reveal to users of the identities of the entities the search engine giant allows to access consumer data.
"When Google allows new entities to collect data, it must clearly inform users about the new recipients and the data they are allowed to collect," stated WP29. For instance, Google recently added "and our partners" to the set of entities that may collect anonymous identifiers when users visit Google services. However, Google did not inform about what type of entities these partners are and how they will use the collected data, notes WP29.