The letter from 24 of 27 of the bloc’s data protection regulators, which was made public after being obtained by Reuters prior to its official announcement Tuesday, follows a running investigation opened by France this spring into the legality of Google’s method of collecting user data. Introduced in March, the company’s new guidelines consolidated 60 separate privacy policies into one and collate user data from across Google’s services, which include Gmail and YouTube.
Brussels stopped short of calling Google’s corporate practices illegal, but said, “Combining personal data on such a large scale creates high risks to the privacy of users,” according to Reuters.
Though users must agree to the policy in order to use any Google service, regulators hint in the letter that the company’s current policy does not explicitly ask for user consent when combining data.
Combining user data across platforms allows Google to better identify targets for advertisements. The company maintains that the new policy also provides users better search results, and is completely compliant with European laws.
However, Google “may be prepared to test the legal position in Europe to see what they can get away with,” said Chris Watson, an attorney at international law firm CMS Cameron McKenna.
The incident comes at a touchy time for Google, which is already under investigation by European antitrust officials who suspect the company may intentionally place competitor-related websites lower in its search results.