French privacy regulator CNIL yesterday wrote to Google CEO Larry Page on behalf of the EU working party to say it is "deeply concerned" about Google's intention to combine users' personal data across its service, and to express "strong doubts" about the legality of such a move.
"Our preliminary analysis shows that Google's new policy does not meet the requirements of the European Directive on Data Protection, especially regarding the information provided to data subjects," said the letter to Page, which was signed by CNIL president Isabelle Falque-Pierrotin.
"By merging the privacy policies of its services, Google makes it impossible to understand which purposes, personal data, recipients or access rights are relevant to the use of a specific service," said a statement from CNIL.
Falque-Pierrotin wrote that it is "impossible for average users" to understand how Google would use their personal data. Furthermore, "it is extremely difficult to know exactly which data is combined between which services for which purposes, even for trained privacy professionals," she wrote.
But privacy campaigners had already expressed their concerns about the new policy. Google said the new policy will make using its products easier for customers.
CNIL further criticised Google for not fully consulting EU data protection authorities prior to the launch.