European data privacy regulators on Thursday handed Google a package of guidelines to help it bring the way it collects and stores user data in line with EU law after six regulators opened investigations into the internet giant.
The group of European data protection authorities, known as the Article 29 Working Party, sent Google a list of measures it could implement, such as spelling out clearly for what purposes it collects user data and what third-party entities would also be able to collect people’s information.
Regulators in six European countries — Italy, France, Spain, Germany, Britain and the Netherlands — have opened investigations into Google after it consolidated its 60 privacy policies into one and started combining data collected on individual users across its services, including YouTube, Gmail and Google Maps.
It gave users no means to opt out.
A spokesman for the company said Google was open to the regulators’ feedback and looked forward to discussing the list of guidelines.
“We have worked with the different data protection authorities across Europe to explain our private policy changes,” said Al Verney.
The fines for privacy breaches remain small in most countries when compared with the $12.2 billion net profit Google earned in 2013.
Google has actively responded to a separate European court ruling that it must remove links from Internet search results under a person’s name if the information is inadequate or irrelevant. It is currently holding consultations in seven European capitals to debate the balance between privacy and the freedom of information.
(Additional reporting by Gwenaelle Barzic in Paris; Editing by Mark Potter)
This article originally appeared on Recode.net.