The European Union (EU) has expressed concerns over Google’s privacy policies. Google is a global technology company focused on online products and services, notably internet search and email services, advertising, and software technologies. On October 16, 2012, the data collection authorities for all 27 EU Member States signed a letter that was sent to Google addressing the EU’s privacy concerns. In short, the EU’s concern is that Google may be collecting too much information on users and keeping the information stored on its system for too long. The EU letter claims that Google has not “endorse[d] the key data protection principles of purpose limitation, data quality, data minimisation, proportionality and right to object.” The increased worry over Google’s policies was sparked by Google’s new privacy policy which allows the company to combine data collected from its internet-related services such as YouTube and Gmail. This data collection enables Google to improve its advertising efforts by targeting users based on specific interests and browsing history.

In order to better understand the quarrel between Google and the EU, it is important to discuss briefly EU law regarding data collection. Article 7 of the EU Charter of Fundamental Rights guarantees the right to respect for one’s private and family life, home, and communications. More specifically, Article 8 provides explicit protection of the right to the protection of personal data. Article 8 specifically includes the “right of access to data which has been collected concerning him or her, and the right to have it rectified.” The right to data protection is also enshrined in Article 16(1) of the Treaty on the Functioning of the European Union (TFEU). In 1995, the EU adopted the Data Protection Directive (95/46/EC).  The Data Protection Directive’s Article 29 created the “Working party on the Protection of Individuals with regard to the Processing of Personal Data.” The Article 29 Working Party has broad powers over data protection in the EU. Data protections were reinforced by the E-Privacy Directive (2002/58/EC). In January 2012, the Commission proposed a comprehensive reform of the EU legal framework on the protection of personal data. The 2012 proposals seek to enhance users’ control of their data and account for changes in technology.  In February 2012, Viviane Reding, the EU justice commissioner, stressed that European authorities need to ensure that Google’s new privacy policy complies with EU law.

The EU’s latest row with Google raises an interesting test regarding the future of European data protection. Specifically, the EU regulators want Google to (1) clarify its privacy policies; (2) get express permission from individual users to use and collect their data; (3) make it easier for users to opt out of certain requirements; and (4) publish how it uses and processes personal data. Google has four months to comply. If Google does not sufficiently comply with the EU’s requests, the EU regulators will consider disciplinary measures such as fines. Google has not responded at this time. However, Peter Fleischer, Google’s global privacy counsel, said, “Our new privacy policy demonstrates our long-standing commitment to protecting our users’ information and creating great products. We are confident that our privacy notices respect European law.”

Google has certainly faced its fair share of privacy complaints in EU countries in the past. In 2010, EU regulators demanded that Google warn people before taking pictures for Google’s Street View service. Furthermore, the EU demanded that Google shorten the amount of time the pictures were kept on the company’s system. In 2011, Spanish data protection authorities demanded that Google remove links to online news articles which infringed on the privacy of Spanish citizens.

At the end of the day, the latest dispute between Google and the EU underscores the difficulty in harmonizing EU data protection laws and maintaining the health of the global internet-based economy. On one hand, Google wants highly targeted advertising because advertising is the chief revenue source for the company. On the other hand, European countries want to ensure that EU users’ data is protected and that Google complies with EU law. The outcome of this row will likely have long-term implications for many other companies such as Facebook which rely on Europe’s significant market of 500 million citizens.