France’s data protection watchdog, the CNIL, has also cast doubt on the legality of the policy and informed Google it would lead a European-wide investigation into this.
Ms. Reding told BBC Radio Four data control authorities in Europe asked French counterparts to analyse the new policy.
“And they have come to the conclusion that they are deeply concerned, and that the new rules are not in accordance with the European law, and that the transparency rules have not been applied,” Ms. Reding said.
Users cannot opt out of the new policy if they want to continue using Google’s services.
Asked in what respects the policy could be breaking EU law, Ms. Reding said: “In numerous respects. One is that nobody had been consulted, it is not in accordance with the law on transparency and it utilizes the data of private persons in order to hand it over to third parties, which is not what the users have agreed to.”
It would have been impossible for Google to instigate the policy under proposed legislation she laid out on January 25, Ms. Reding said.
“Protection of personal data is a basic rule of the European Union. It is inscribed in the treaties. It is not an if, it is a must,” she said.
Google earlier posted a blog defending its policy after what it called “a fair amount of chatter and confusion.”
Ms. Reding argued most users were unaware of what they were signing up to when they used mainstream Internet services.
“Seventy percent of users rarely, or never, use terms and conditions which very often are written in small print, very complicated, not understandable for the normal user, and users are worried,” she told the BBC.
“Eighty per cent of British citizens say they’re concerned about what is going on now.”
She also said these issues affected many companies, not just Google.
“We know data is the bloodstream of these new industries ... but at the same time there are basic European rules ... which have to be applied, and unfortunately we always see that those rules are just not observed, and illegality is taking over.”