DentroChat logo
Gratis proberen

policies.google.com privacy policy — score 55/100 (medium risk)

Laatst geanalyseerd

Dit rapport is ouder dan 28 dagen. Het toont de laatst opgeslagen analyse voor dit beleid — vernieuw om de live pagina opnieuw op te halen en de score bij te werken.

De rapportinhoud (samenvatting, bevindingen, citaten) is in het Engels gegenereerd en niet gelokaliseerd.

Rapportdetails

medium risico

Google collects a very wide range of personal data, shares it broadly, and uses it for AI training with limited opt‑out options, making its privacy stance mixed at best.

Google’s privacy policy is extensive but reveals broad data collection, extensive third‑party sharing, global data transfers, and use of personal data for AI model training without clear opt‑out mechanisms. While user rights are mentioned, practical details are vague, leading to a mixed compliance picture.

Laatst geanalyseerd
BronURL
Lengte120,000 tekens

Beoordeling per categorie

Uitsplitsing van het beleid over belangrijke compliancegebieden. Goed = sterk, redelijk = gemengd, slecht = zorgwekkend.

Data Minimisationpoor

Collects extensive data (device IDs, location, activity, public sources) without clear limitation to what is strictly necessary.

Transparencyfair

Provides many details but key specifics (e.g., exact retention periods, DPIA outcomes) are missing or vague.

Third‑party Sharingpoor

Shares data with affiliates, service providers, domain admins, and for legal reasons; consent is required only for limited cases.

International Transfersfair

Acknowledges global processing but does not detail the exact transfer mechanisms or safeguards for each jurisdiction.

AI/Model Trainingpoor

Uses personal data and publicly sourced information to train AI models with no explicit opt‑out provision.

User Rightsfair

Rights are listed (access, deletion, portability, objection) but procedural details, timelines, and verification steps are not fully described.

Belangrijkste bevindingen

Opvallende clausules, problemen of positieve praktijken (kritiek eerst)

Kritiek

Broad Data Collection Beyond Necessity

The policy states it collects "unique identifiers, browser type and settings, device type and settings, operating system, mobile network information, IP address, crash reports, system activity" and also location data from GPS, Wi‑Fi, and cell towers, indicating collection far beyond what is strictly needed for many services.

Kritiek

Extensive Third‑Party Sharing

Google shares personal information "with affiliates and other trusted businesses or persons to process it for us" and also with "domain administrators" and for "legal reasons" without requiring user consent for many of these transfers.

Kritiek

Use of Personal Data for AI Model Training

The policy explicitly says it uses "publicly available information" and "your interactions with AI models" to "train, fine‑tune, and improve these models" without offering a clear opt‑out mechanism.

Waarschuwing

Unclear International Transfer Safeguards

It acknowledges that "your information may be processed on servers located outside of the country where you live" but does not specify which legal mechanisms (e.g., SCCs, adequacy decisions) are applied for each transfer.

Waarschuwing

Vague Data Retention Details

Retention is described in general terms ("some data is deleted or anonymized automatically after a set period of time") without providing concrete retention schedules for each data category.

Samenvatting voor de gebruiker

Your data is collected, stored, and used for many purposes, including advertising and AI training, and may be transferred worldwide; you have rights to access and delete, but the process is not fully transparent.

Nalevingshouding

Google claims compliance with EU/UK law and offers controls, yet the policy’s breadth and lack of granular detail on key GDPR requirements (e.g., data minimisation, specific retention periods, DPIAs) suggest a mixed compliance posture.

EU-overdrachten

The policy acknowledges international transfers and reliance on legal frameworks, but does not specify which mechanisms (e.g., Standard Contractual Clauses, adequacy decisions) are used for each destination, leaving uncertainty about adequacy safeguards.

Gedetecteerde signalen

Specifieke gegevens en praktijken geïdentificeerd in de tekst

Verzamelde gegevens
NameEmail addressPhone numberPasswordPayment informationDevice identifiersIP addressLocation data (GPS, Wi‑Fi, cell towers)Search termsBrowsing historyVoice and audio recordingsContent uploaded (photos, videos, documents)Call and message logs
Verwerkingsdoeleinden
Provide and deliver servicesMaintain and improve servicesDevelop new servicesPersonalise content and adsAnalytics and performance measurementSecurity, fraud detection and abuse preventionAI model training and improvementCommunications and notifications
Delen met derden
Affiliates and trusted service providersDomain administrators and resellersPartners for advertising and measurementLegal authorities and regulatorsPublicly disclosed aggregated trends
Internationale overdrachten
Global server networkData may be processed outside the user’s countryCompliance with unspecified legal frameworks for transfers
AI / Modeltraining
User interactions with AI models are used to train and improve modelsPublicly available information is used for AI trainingNo explicit opt‑out for model training is described

Bewijsfragmenten

Directe citaten uit het beleid ter ondersteuning van deze bevindingen

We collect information about the apps, browsers, and devices you use to access Google services, which includes unique identifiers, browser type and settings, device type and settings, operating system, mobile network information, and IP address.

We may share personal information outside of Google when we have your consent... We also provide personal information to our affiliates and other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy.

We maintain servers around the world and your information may be processed on servers located outside of the country where you live.

We use publicly available information online or from other public sources to help train Google’s AI models and build products and features using these foundational technologies.

If European Union (EU) or United Kingdom (UK) data protection law applies... you can exercise your rights to request access to, update, remove, and restrict the processing of your information.

Ontbreekt of onduidelijk

  • Specific data retention periods per data category
  • Detailed description of the legal mechanisms used for international transfers (e.g., SCCs, adequacy decisions)
  • Explicit opt‑out mechanism for AI model training
  • Procedural timelines for responding to data subject access requests
  • Evidence of Data Protection Impact Assessments (DPIAs) for high‑risk processing

Vragen om te stellen

  • What exact legal basis does Google rely on for each type of data collected (e.g., consent, legitimate interest, contract)?
  • Can users opt out of having their data used for AI model training, and if so, how?
  • Which specific transfer mechanisms (Standard Contractual Clauses, adequacy decisions, etc.) are used for each non‑EU destination?
  • What are the precise retention periods for each category of personal data?
  • How does Google audit and limit the access of domain administrators to user data?
  • What are the guaranteed response times for data subject access, rectification, and deletion requests?
Deze analyse is door AI gegenereerd en is geen juridisch advies. Raadpleeg altijd een gekwalificeerde jurist voor compliancebeslissingen.

Deel deze analyse

Iedereen met deze link kan het resultaat hierboven bekijken.

Gebouwd door DentroChat

100% Europese AI-chat voor iedereen

Chat met AI, werk met bestanden, genereer afbeeldingen en zoek op het web. Gegevens blijven in Europa.

Infrastructuur gehost in de EUTekst, bestanden, afbeeldingen en webzoekenSnelle, Denk- en Creatieve modiPrivacy-first als standaardGeen gegevens verlaten Europa
Gratis proberen →