“EU Data protection authorities ask Google to provide clearer and more comprehensive information about the collected data and purposes of each of its personal data processing operations. For instance, EU Data protection authorities recommend the implementation of a presentation with three levels of detail to ensure that information complies with the requirements laid down in the Directive and does not degrade the users’ experience. The ergonomics of the Policy could also be improved with interactive presentations” CNIL
In a letter to Google [pdf link] – signed by the CNIL and other authorities from across Europe – the concerns are laid out in full, together with some suggestions as to how they can be addressed. For instance, the search company could “develop interactive presentations that allow users to navigate easily through the content of the policies” and “provide additional and precise information about data that have a significant impact on users (location, credit card data, unique device identifiers, telephony, biometrics).”
Ironically, one of Google’s arguments for initially changing its policy system was that a single, harmonized agreement would be easier for users to read through and understand. It also insisted that the data-sharing aspects were little changed from before.
“The CNIL, all the authorities among the Working Party and data protection authorities from other regions of the world expect Google to take effective and public measures to comply quickly and commit itself to the implementation of these recommendations” the commission concluded. Google has a 3-4 month period to enact the changes requested, or it could face the threat of sanctions.