- Associated Press - Tuesday, October 16, 2012

PARIS (AP) - European regulators have asked Google to clarify its new privacy policy and make it easier for users to opt out of it because of concerns that the web giant may be collecting too much data and holding it for too long.

France’s data protection agency led a European investigation into Google’s new unified privacy policy, which replaces individual policies for its search, email and other services, and regulates how it uses the personal data it collects. The policy allows Google to combine data collected from one person using its disparate services, from Gmail to YouTube.

That gives Google a powerful tool for targeting the user with advertising based on his or her interests and search history. Advertising is the main way the company makes its money.

The collection of data is not just limited to people with accounts to Google applications. The web giant can collect information from anyone who visits a website that has a link to its services _ for example, a Google map posting. The French agency said that of the top 500 most-visited sites in France, 90 percent had a link with Google.

With that kind of power, comes responsibility, the agency said.

The agency outlined three main concerns about the new policy: it’s not clear enough in explaining to users what data is collected and how it will be used; it’s too difficult for users to opt out of data collection and combination; and Google doesn’t always say how long it will hold onto data.

The agency also noted that, under the new policy, Google doesn’t differentiate between data collected, so a search term and a credit card number are treated the same and can be used for any purpose stated in the policy.

The agency, called the French National Commission on Computing and Freedom, was careful to note that it wanted to work with Google to change the policy.

“You have to understand the approach of the data protection authorities: It’s not to make war with Google and to stop all innovation,” said Isabelle Falque-Pierrotin, the French agency’s president.

This is not the first time Google has run afoul of regulators. In August, the company agreed to pay a $22.5 million fine to settle a suit brought by the U.S. Federal Trade Commission.

The U.S. regulator alleged that Google broke a promise not to track Web surfers who use Apple’s Safari browser, as long as they didn’t change the browser settings to permit the tracking. As part of a separate anti-trust investigation, the commission is also looking into whether Google abused its dominance of Internet search to stifle competition and drive up online advertising prices.

European regulators want Google to flesh out the vague parts of its policy, tailor the way it uses data to the kind of data collected and, in general, make it easier for users to wriggle out of the wide net it has cast.

In one example cited, regulators said that in order to opt out of targeted advertising, users have to take six actions _ and that’s just one part of Google’s universe that the privacy policy touches.

All of these concerns and suggestions were sent to Google in a letter Tuesday, although the findings were presented to Google representatives last month. Data protection authorities in all 27 European Union countries signed the letter.

Google’s global privacy counsel, Peter Fleischer, said the company is reviewing the commission’s report but believes its policy respects European law.

Story Continues →