• French regulator to lead inquiry
  • Casts doubt on legality, fairness of privacy rules
  • Google has rebuffed calls for delay to new policy
  • Due to be introduced March 1
France's data protection watchdog has cast doubt on the legality and fairness of Google's new privacy policy, which it said breached European laws.

The CNIL regulator told Google in a letter dated Feb. 27 it would lead a European-wide investigation of the web search giant's latest policy and would send it questions by mid-March.

Google said in January it was simplifying its privacy policy, consolidating 60 guidelines into a single one that will apply for all its services, including YouTube, Gmail and its social network Google+.

The U.S. Internet company also said it will pool data it collects on individual users across its services, allowing it to better tailor search results and improve service.

Users cannot opt out of the new policy if they want to continue using Google's services.

"The CNIL and EU data authorities are deeply concerned about the combination of personal data across services: they have strong doubts about the lawfulness and fairness of such processing, and its compliance with European data protection legislation," the French regulator wrote to Google.

Google plans to put the changes into effect March 1 and has rebuffed two requests from European regulators for a delay.

The tussle over data privacy comes at a delicate time for Google, whose business model is based on giving away free search, email, and other services while making money by selling user-targeted advertising.

It is already being investigated by the EU's competition authority and the U.S. Federal Trade Commission over how it ranks search results and whether it favours its own products over rival services.

In a Tuesday blog post responding to CNIL's letter, Google said it was happy to answer questions from Europe's data protection authorities.

"As we've said several times over the past week, while our privacy policies will change on 1st March, our commitment to our privacy principles is as strong as ever," wrote Peter Fleischer, Google's global privacy counsel.

In his letter to CNIL, which was also posted, Fleischer added: "We are confident that our new simple, clear and transparent privacy policy respects all European data protection laws and principles."

Tricky Time

Google's new privacy policy follows closely on a European Commission move to overhaul its 17-year-old data protection rules in favour of more stringent requirements.

Under the proposed new EU rules, Internet companies like Google, Facebook and Yahoo would have to ask users whether they can store and sell their data to other businesses, such as advertisers, which is source of almost all their income.

Internet users can also ask for their data to be deleted from websites for good, the so-called "right to be forgotten."

Policy makers in other countries have also expressed concerns over Google's new privacy policy.

Eight U.S. lawmakers sent a letter to Google in late January expressing concern that a planned consolidation of user information endangered consumers' privacy.

Japan's trade and industrial ministry warned on Wednesday that Google must follow Japan's privacy law in implementing its new approach, and that Google needed to provide explanations to address users' concerns.

"It is important for the firm to be flexible by providing necessary additional explanations or measures to address actual user concerns or requests also after March 1..." the ministry said in a statement.