In a letter, dated 23 September 2014, to Larry Page, Chief Executive Officer of Google, data and privacy regulators from countries across the European Union (“EU”) (the “Regulators”) have requested that Google revises its privacy policies in order to make them easier to find and understand. The Regulators have requested that Google makes available exhaustive lists of what data it holds and processes, in order to comply with EU law.
Google received the package of recommendations from the Article 29 Working Party (“WP29”), an umbrella group for European data protection authorities. WP29 has an advisory status and acts independently; does not reflect the position of the European Commission. The recommendations are listed in an appendix to the letter and outline the steps that Google could take to bring itself into compliance. The recommendations include offering an online switch to allow a user to stop Google from mixing data from different Google services, such as Gmail or YouTube.
WP29 said they had warned Google Chief Executive Larry Page that his company “must meet its obligations” under European privacy rules, after its practices were found to be in violation of rules in multiple countries, including France and Spain, over the last two years.While WP29 has no power to sanction Google, its members may do so on foot of its recommendations. “We’re always open to feedback and look forward to further discussions on these recommendations”, a Google spokesman said about the letter.
WP29 published the letter as Google were in Paris on the latest leg of their advisory council tour, discussing the “right to be forgotten”. The warning comes amidst continuing battles between Google and European politicians, regulators and rivals.