Abstract
Google’s announcement in January 2013 that it intended to revise and consolidate its privacy policy sparked an almost immediate reaction from EU data protection regulators. Concerned what the changes could mean for internet users given Google’s dominance within the EU not only of the market in online search but also in other online sectors, the Article 29 Working Party launched an investigation into the new policy and its compliance with EU data protection law. The new policy granted Google broad new powers to combine personal data collected via its different services and to use them for a wide range of purposes. In doing so the policy does not distinguish between personal data Google already held at the time the new policy came into force and data that it collected afterwards. Under EU data protection law, data controllers must process personal data in compliance with the limitation This means that personal data can only be collected for specified, explicit and legitimate purposes and must not be further processed in a way incompatible with those purposes. This article explores whether or not Google’s new privacy policy complies with the purpose limitation principle and the way in which EU data protection authorities have reacted to its implementation at EU and national level at a time when the EU data protection framework as a whole is under review.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
