Original URL: http://www.theregister.co.uk/2012/10/17/google_under_eu_attack/

APAC privacy group backs EU's Google stance

Googleplex lawyers on a four month deadline to comply

By Natalie Apostolou

Posted in Government, 17th October 2012 22:38 GMT

The Asia Pacific Privacy Authorities Forum (APPA) has backed the recommendations made by the Commission Nationale de I’Informatique et des Libertès Working Party’s investigation into Google’s privacy policy issues.

In a letter from Australian Information Commissioner Timothy Pilgrim, representing the APPA’s regional data protection agencies, the Asia Pacific group supported the Working Party’s reforms including that Google should provide more comprehensive information about data retention periods, including clear and specific time frames for the deletion of user data.

It also calls for Google to provide active and passive users with simple and centralised opt-out mechanisms, and allow authenticated users to control which services they are logged in to at any one time and, as a result, what parts of their user data will be combined.

Biometric data is also highlighted as a key issue suggesting that Google must clearly state that the use of certain services will result in the collection of biometric data, and detail how that data will be stored and used.

Pilgrim's letter states “Google has a responsibility to engage regulators and users on privacy matters. Google sets a high benchmark for service that is emulated by others. It is important that Google aspires to similarly high levels in protecting the privacy of its users.”

Google now has four months to make its privacy policy comply with requests from the European Union data protection keepers or face the possibility of disciplinary action at a national level.

The Commission Nationale de l'Informatique, working on behalf of the EU's 27 national data regulators, announced on Tuesday it had found legal flaws with a new approach to user data that Google adopted in March.

Google can now either choose to negotiate with the regulators and change elements of its privacy policy or challenge their authority and take it to court.

"Since internet companies know no borders, it is indispensable that data protection work together," said EU Working Group head Jacob Kohnstamm who is also the Dutch data protection boss. ®