Google is to be told by the EU to change the way it gathers personal information if it is to avoid “high risks to the privacy of users”.
Twelve recommendations were outlined in a letter signed by 24 of the EU’s 27 data regulators, Reuters reported.
It follows a nine-month investigation into the company’s data collection practices.
Since March, Google has combined data from sites like YouTube and Gmail to better target its advertising.
It meant 60 individual privacy policies for individual Google-owned sites were merged into a single policy for all of its services.
Reuters quoted the letter ahead of the EU’s official announcement, which will take place on Tuesday.
Google has maintained the policy complies with EU law.
But regulators immediately raised concerns about the changes when they were implemented earlier this year.
The French data regulator, CNIL, was tasked by the EU to investigate the policy on behalf of the other countries in the EU.
The investigations were overseen by the Article 29 Working Party, a group of representatives from each member state tasked with promoting the application of the EU’s Data Protection Directive.
It stopped short of declaring Google’s data gathering practices illegal, but made clear 12 measures the company must put in place to satisfy the concerns.
“Combining personal data on such a large scale creates high risks to the privacy of users,” the letter is understood to say.
“Therefore, Google should modify its practices when combining data across services for these purposes.”
Those recommendations are said to include a focus on personal information and browsing records, as well as the collection of location-based data and credit card details.
On Monday, a source at Google told the BBC that the company would look closely at the recommendations, but noted that the findings were not as serious as some industry watchers had predicted.
Auke Haagsma, a director for the Initiative for a Competitive Online Marketplace (Icomp), told the BBC that Google should have anticipated the EU’s stance.
“The EU was very clear, even before Google introduced its changes, it almost certainly violated EU law.”
Mr Haagsma said the agreement, which involved representatives from all of the EU member states, represented an “unprecedented” level of concern, and posed a threat to Google’s future operations.
“In Google’s business model there is an inherent conflict of interest,” he said.
“On the one hand Google wants to offer good services to users, but on the other it’s being paid for by advertising.
“Google is collecting so much data. If people realise that, they are afraid people will say no.”
*Great decision by the EU and CNIL.
*Google are in a tailspin. Why? They’re making decisions as a marketing monopoly. Monopolies and their bullying tactics, always end up in the crosshairs of the regulator… so how is this such a surprise to them?
*Previously Google were academic rather than a marketing corporation.
*In 2004 they introduced login services – so that they could read your emails and track you – and sell the content of your emails to advertisers.
*In 2009, Google went for “personalised” services, which means trackers and totalitarian surveillance of every search term to every youtube video watched, to collect your religious, political and business interests. Personalisation IMHO is a bullying strategy.. you will do this or else!!
*, Google, the “advertising company” went head to head with the citizens of Europe. Google has left us with no choice but to cheer on the EU, and secondly to avoid Google products where we can.
WHAT HAPPENED TO YOU, GOOGLE??