Regulators from the French agency CNIL said Thursday that Google must clarify its policy to tell users what data it collects, its reasons for collecting it and how long it retains data. The search engine giant must also set reasonable limits for storage and get users’ permission to store cookies on their devices.
In October 2012, the agency openly criticized Google for folding 60 of its services under the same policy — a move that streamlined the company’s policies but also gave Google the ability to combine data collected from its signed-in users in new ways.
“Google empowers itself to collect vast amounts of personal data about internet users, but Google has not demonstrated that this collection was proportionate to the purposes for which they are processed,” the agency said in a letter last fall.
In its Thursday notice to the company, CNIL said that it that data protection authorities from other countries, including Germany, Italy, the Netherlands, Spain and the United Kingdom, have launched or will launch enforcement actions against Google.
Reuters reported that the Italian data protection agency is willing to consider sanctions if it finds the firm has breached privacy laws.
Sign up today to receive #thecircuit, a daily roundup of the latest tech policy news from Washington and how it is shaping business, entertainment and science.