EU privacy chiefs did not agree, suggesting Google may be violating specific EU data laws.
“It is not possible to ascertain from the analysis that Google respects the key data protection principles of purpose limitation, data quality, data minimization, proportionality and right to object,” Commission Nationale de l’Informatique, France’s privacy agency that took the lead in this inquiry, said in a statement on Tuesday.
It’s also not clear to users which data would be used for product development, advertising, or research.
Google has four months to implement changes before each agency can purse enforcement action, according to CNIL. Penalties and actual enforcement authority varies by country.
“If Google does not conform in the allotted time, we will enter into the disciplinary phase,” CNIL president Isabelle Falque-Pierrotin told Reuters.