EU Group May Serve Google With Letter Over Data Retention Policies

Google might be receiving a letter from the European Union’s Article 29 Data Protection Working Party relating to the company’s data retention policies. What’s in the letter — if there are concerns, requests, demands — is unknown at this point. No one yet seems to have a copy of the actual letter, not even Google.

“We have not yet received a letter. We have contacted the office of the chairman of the Article 29 working group to ask if a letter is on its way and if so, could they send to us,” said Rachel Whetstone, European director of communications and public affairs for Google.

My understanding is that if there is a letter from the working group, it has to go to each EU member state for final approval before being sent. That process takes time, so it may be that news of the letter is being leaked out before final approval is gained.

I can only speculate that the letter will probably relate to concerns that Google might be retaining too much data, often a worry voiced about the company — and often equally applicable to other companies. But Google tends to stand as the largest target.

As said, Google’s not seen the letter, so can’t address specifics within it. It did provide this general statement:

“Google takes data protection and the privacy of our users extremely seriously. It goes to the heart of our business. We comply with data protection regulations and are in constant dialog with privacy regulators across Europe. We are always interested to hear their views and work closely with them on an ongoing basis,” Peter Fleischer, privacy counsel, Google.

My past article, Google Anonymizing Search Records To Protect Privacy, goes into depth about the type of data Google (and other search engines) collect in relation to search. It also covers how Google is going to anonymize that data. One chief complaint about the anonymizing plan has been that the 18-24 month non-anonymized period is deemed by some groups to be too long. Ironically, that long period is in place so that Google can comply with another EU requirement to retain data.

Norwegian Data Inspectorate To Investigate Privacy Issues With Google covers how Norway has separately, and earlier, raised questions about Google’s data retention policies. EU privacy body criticizes Google practices from MarketWatch touches on the latest move — saying that sources tell it Google will be told it falls short of data protection standards — but focuses more on the Norwegian letter.