Letter to Article 29 Data Protection Working Party — October 2012
Our reference: P12/12
Mr Jacob Kohnstamm
Article 29 Data Protection Working Party
C/O Commission Nationale de I’Informatique et des Libertès
8 rue Vivienne
75083 Paris, France
Dear Chairman Kohnstamm
I write on behalf of the following Data Protection and Privacy Authorities (the Authorities) who form part of the Asia Pacific Privacy Authorities Forum (APPA):
- Office of the Australian Information Commissioner, Australia
- Office of the Privacy Commissioner for Personal Data, Hong Kong, SAR
- Office for Personal Data Protection, Macao, SAR
- Federal Institute for Access to Information and Data Protection, Mexico
- Office of the Information and Privacy Commissioner for British Columbia, Canada
- Office of the Information Commissioner, Queensland, Australia
- Office of the Victorian Privacy Commissioner, Victoria, Australia
- Office of the Information Commissioner, Northern Territory, Australia, and
- Office of the Privacy Commissioner, New South Wales, Australia.
Data retention periods
The Authorities agree with the Article 29 Working Party that Google should provide more comprehensive information about data retention periods, including clear and specific timeframes for the deletion of user data.
Combination of data across Google services
Support is given to the recommendation of the Article 29 Working Party that Google give users better control over their personal data.
Specifically that Google should:
- provide active and passive users with simple and centralised opt-out mechanisms, and
- allow authenticated users to control which services they are logged in to at any one time and, as a result, what parts of their user data will be combined.
Specifically, the policy should, at a minimum, clearly state that the use of certain services will result in the collection of biometric data, and detail how that data will be stored and used.
Further, support is also given to the Article 29 Working Party’s view that, as a market leader, Google has a responsibility to engage regulators and users on privacy matters. Google sets a high benchmark for service that is emulated by others. It is important that Google aspires to similarly high levels in protecting the privacy of its users.
Finally, the Authorities would like to commend both the Article 29 Working Party and the CNIL on their work on this issue.
Australian Information Commissioner
 APPA is the principal forum for privacy authorities in the Asia Pacific Region to form partnerships and exchange ideas about privacy regulation, new technologies and the management of privacy enquiries and complaints.
 This issue was discussed in my letter on behalf of the APPA Technology Working Group dated 18 May 2012.