A week ago we discussed the news that the Article 29 Working Group was investigating Google's proposed new database.
As reported by Out-law.com, the Working Group has published its letter to Google on its website (see link at the end of this post). Presumably the letter is searchable on Google, but that's besides the point...
Having read the letter, the investigation has wider scope than previously thought. It is about Google's data protection practices and policies generally. Noteworthy parts of the letter include:
- Positive comments about Google's willingness to engage with consult with the Working Group. Does this mean that other search engine companies have been approached for information too? This looks to be the case so no doubt we'll be seeing the results of those approaches in the near-ish future...
- Server logs contain personal data because data can be linked to individuals.
- In general, Google needs to provide legal justification for why it keeps server logs.In addition, Google's storage of server logs for 18 to 24 months does not comply with European data protection law. Also, Google has not sufficiently specified the purpose for which it keeps the server logs.
- Google cookies do not comply with the Electronic Privacy Directive (see it's UK implementation here) because Google doesn't give users clear information about their use and the purpose of processing. In addition, the cookies are stored for 30 years. This goes beyond what is strictly necessary and therefore permitted under that Directive.
- Google's policy of "more anonymous data" should be improved to comply with data protection law. The Working Group asks for more information on the policy.
Comments