The CNIL's announcement begins (as translated by Google Translate):
European authorities have asked Google to provide clearer and more comprehensive info about data collection and the purpose for which all data is collected. These authorities want Google to present three levels of details that they say will "ensure information meets the requirements of the directive without degrading the user experience." They go so far as to suggest interactive presentations.
One of the biggest concerns expressed in today's announcement is that Google is not giving users enough control of the combination of data among its services. The authorities call upon Google to strengthen the consent of people for combined data by allowing users to choose when data are combined (such as with dedicated buttons on pages of services). They specifically cite the "Search Plus Your World" button as an example of what to do.
They also suggest Google provide better user control by centralizing and simplifying the opt-out process, allowing users to choose which services they want Google to be able to combine data from with other services. In addition, they want Google to distinguish tools used for security and those used for advertising.
The announcement concludes by indicating that Google has refused to engage on data retention periods for personal data, noting that a letter was sent to Google about this, signed by 27 authorities of European data protection.
You can see an 18-page response Google sent to the CNIL back in April here. In that letter, Google went through examples of its privacy notices to provide a "better understanding' of the breadth and scale of its new privacy architecture. Here's a sample from that letter, somewhat explaining Google's position:
Giving users easy access to their data across Google products allows them to do useful things such as immediately add an appointment to Calendar when a message in Gmail looks like it’s about a meeting; read a Google Docs memo right in Gmail; use Google+’s sharing feature, Circles, to send driving directions to family and friends without leaving Google Maps; and use a Gmail address book to auto-complete contact’s email addresses when inviting them to work on a Google Docs memo or sending them a Calendar invitation to a meeting.
This is the kind of scenario Google is thinking about from the standpoint of its own products. Many of its competitors already have products that compete with various Google services, but for the competitors, in many cases, they are simply features, rather than separate services. For example, Facebook Photos vs. Google's Picasa Web Albums. Apple's Maps app vs. Google Maps.
The difference is that Google has started from a somewhat different place than competitors. It has acquired and launched services that were not necessarily integrated from the beginning. They were standalone services with different destinations. The Facebook Photos vs. Picasa Web Albums is a prime example of the difference. Facebook Photos are just part of Facebook, whereas Picasa Web Albums have historically been a completely separate product from other Google products.
Still, Google owns all of these products, and it makes sense both from a business standpoint, and from the standpoint of a user who uses numerous Google products under a central Google login.
Should Google be treated differently because of the product strategy it has followed over the years. There is so much talk about whether Google is anticompetitive or not. Wouldn't preventing Google from being able to use its products together in ways that make business sense and improve the user experience only hurt Google's ability to compete?