Representatives of 27 European Union (EU) data protection agencies (DPAs) urged Google this week to adopt various recommended modifications to the company’s privacy policy that was enacted in March, pointing to a recent investigation which concluded that the revised policy lacks “any limit concerning the scope of the collection and the potential uses of . . . personal data.” Conceived in an effort to consolidate and streamline dozens of privacy policies that govern Google’s individual web services, Google’s new data collection policy facilitates the sharing of users’ web browsing histories and personal data across all Google sites in the interest of providing more personalized, targeted services to users. When Google refused an EU request earlier this year to delay implementation of the new policy, the EU’s Article 29 Working Party directed France’s Commission on Information Technology and Liberties to lead an investigation into the policy on behalf of all European DPAs. In a letter delivered to Google CEO Larry Page on Tuesday, the DPAs complained that Google failed to provide “satisfactory answers on key issues such as the description of its personal data processing operations or the precise list of the 60+ product-specific privacy policies that have been merged in the new policy.” While noting that users of Google’s services are “unable to determine which categories of personal data are processed . . . and the exact purposes for which these data are processed,” the DPAs charged that the new policy allows Google to gather and combine data from any online activity from any service that is connected to Google. According to the DPAs, Google’s policy fails to differentiate between “innocuous content” such as search queries and more sensitive data such as credit card numbers or the content of voice communications. All such data, concluded the DPAs, “can be used equally for all the purposes in the policy.” Urging Google to provide “clearer and more comprehensive information about the collected data and the purposes of each of its personal data processing operations,” the DPAs said Google should modify its practices by, among other things: (1) reinforcing users’ consent to the combination of data, (2) simplifying users’ rights to object or to “opt out,” and (3) allowing users to choose the services for which their data is combined. The DPAs further advised Google to “take effective and public measures to comply quickly and commit itself to the implementation of these recommendations.” Defending his company’s policy as one that “shows our continued commitment to protecting our users’ data and creating quality products,” a Google spokesman voiced confidence “that our privacy policies respect European law.”