The EU’s ongoing issues with Google and the way it collects data has continued today after the EU Data Protection authorities — led by France’s Commission Nationale de l’Informatique (CNIL) — published new findings which recommend that the search giant provides greater clarity and improved control for its users.

Google announced plans to update its private policies and bring them together ‘under one roof’ in January and the EU has consistently been uneasy with the change, right from February 3 when Jacob Kohnstamm, Chairman of the Article 29 Working Party, wrote to Larry Page with an unsuccessful request for the introduction to be “paused”.

Since the new policy went live in March, the EU has continued its interest and conducted analysis into the policy; which included two questionnaires sent to Google in April and June. Now the Working Party says that the search giant “did not provide satisfactory answers on key issues” when it reached out to the US firm. In particular, the description of its data processing operations or a list of the product-specific private policies that have been merged.

The group is asking Google to be clearer about the collected data, and how it will be used, while also giving users control over precisely which data is collected across Google services. It wants to see users given the choice over what data is combined, and made clear what is for security and what is for advertising.

Interestingly, the EU group points out that Google refused to provide a retention period which would give users a clearer idea of how long its data is stored for.

The EU recommendations are very much recommendations since it does not have the power to do much more at this stage, while, equally, there are no allegations of rule-breaking or illegal activity. However, the CNIL asserts that its latest round of analysis has the backing of 27 European Data protection authorities — its strongest level of support to date — each of which have signed the letter which has been sent to Google.

Google will be given “months” to react and make changes, although the EU has (and does) not define what could come next; but further investigations and a possibility of sanctions are possible.

The company isn’t alone in being on the receiving end of the European Union’s gaze on privacy since Facebook has come under scrutiny too. Ireland’s Data Protection Authority cleared the social network of building ‘shadow’ profiles of data but it did request the US company to agree to a number of changes related to privacy.

We contacted Google for comment and Peter Fleischer, Google’s global privacy counsel, said:

“We have received the report and are reviewing it now. Our new privacy policy demonstrates our long-standing commitment to protecting our users’ information and creating great products. We are confident that our privacy notices respect European law.”

Image via Flickr / Danny Sullivan