European data regulators have hit out at Google over its privacy policies after an investigation found numerous concerns with data collection practices at the search giant.
The report by the pan-European Article 29 Working Party and led by French data regulators CNIL began earlier this year after Google introduced new privacy policies on 1 March, despite widespread concerns.
Now, in its report released on Tuesday, the CNIL said it had found numerous concerns with the changes the firm had instigated, including worries that Google collects far more data on users than is necessary.
"Firstly, it is not possible to ascertain from the analysis that Google respects the key data protection principles of purpose limitation, data quality, data minimisation, proportionality and right to object," it said.
As such, it said Google should "modify its practices" when collecting data to give users more insights into what is being used and improve the ability to opt out of data collection.
The CNIL also noted that Google does not provide retention periods for the data it collects, and refused to provide this information to the regulators.
The CNIL also criticised Google for the answers it gave to some of its questions relating to its privacy policies.
"In particular, Google did not provide satisfactory answers on key issues, such as the description of its personal data processing operations or the precise list of the 60+ product-specific privacy policies that have been merged in the new policy," it said.
A letter outlining all these concerns was sent to Google's chief executive Larry Page and signed off by numerous members of the Article 29 Working Party, including UK information commissioner Christopher Graham.
Google's global privacy counsel Peter Fleischer said the firm was reviewing the document, but stood by its policies.
Do you agree
Latest stories from Search