European regulators have reached a preliminary conclusion that Google's coming privacy policy changes fail to fulfill the mandatory requirements of European data Relevant Products/Services protection Relevant Products/Services legislation and have delivered to Google a second request that asks for a delay in their implementation.

France's Commission nationale de l'informatique et des liberts, or CNIL, has called upon Google to postpone the privacy policy makeover scheduled for March 1. The CNIL is leading an investigation by the Article 29 Working Party, an independent European advisory body on data protection and privacy, into Google's privacy policy changes.

"The CNIL and the EU data protection authorities are deeply concerned about the combination of personal data across services," CNIL President Isabelle Falque-Pierrotin wrote in a letter to Google CEO Larry Page on Monday. "They have strong doubt about the lawfulness and fairness of such processing, and about its compliance with European data protection legislation."

In Need of Constructive Feedback

Earlier this month Google rejected the Article 29 Working Party's initial request for a delay. "At no stage did any EU regulator suggest that any sort of pause would be appropriate," Google Global Privacy Counsel Peter Fleischer wrote in a letter to the Article 29 Working Party.

In the letter Monday, however, CNIL's Falque-Pierrotin denied that Google had taken all the necessary steps to fully consult with European authorities.

"Contrary to public statements made by Google representatives," Falque-Pierrotin wrote, "not all authorities were informed." Moreover, the European regulators that were notified about pending privacy policy changes were only able to review the actual contents "a few hours before its public release, without any opportunity to provide any constructive feedback," she wrote.

Google noted Tuesday that it has asked to meet with the CNIL on several occasions over the past month to answer any questions they might have, and that offer remains open. However, in a written response sent to Falque-Pierrotin on Tuesday, Google said it is not in a position to pause the worldwide launch of its new privacy policy as it would "cause a great deal of confusion for users."

"We believe we've found a reasonable balance between the Working Party's recommendations: to 'streamline and simplify' our policies while providing 'comprehensive information' to users," Google said in an e-mail statement.

Lacking Transparency

Falque-Pierrotin welcomed Google's efforts to increase public awareness about the changes. However, she said it was regrettable that Google's new policy only provides users with general information about all the services and types of personal data that are involved.

This makes it impossible "for average users who read the new policy to distinguish which purposes, collected data, recipients or access rights are currently relevant to their use of a particular Google service," Falque-Pierrotin said.

A Google spokesperson said Tuesday that the company remained committed to providing "users with a seamless experience across Google's services, and to making our privacy commitments to them easy to understand." However, Falque-Pierrotin told Page that the simplification of Google's privacy policy notification has come at the expense of transparency and comprehensiveness.

By only telling users what Google will not do with their personal data, Google had failed to meet current European regulatory requirements, Falque-Pierrotin said.

"Our preliminary investigation shows that it is extremely difficult to know exactly which data is combined between which services [and] for which purposes -- even for trained privacy professionals," she said.

"In addition, Google is using cookies -- among other tools -- for these combinations and in this regard it is not clear how Google aims to comply with the principle of consent" under European regulations, Falque-Pierrotin added.