In fact, the public who perform searches on Google have a right to know as well.
So far, all we know is that every time you perform a search, Google records your IP address, your search query, and details of the cookies stored on your hard drive. What's more Google claims that for its "security" it needs to hold on to this data for two years.
No doubt the EU and a large number of private citizens will be interested to know why not only their IP addresses but Google needs or even has the right to retain the often sensitive information contained in tracking cookies placed on their hard drives by websites they have visited. How will that help Google protect itself from hack attacks?
Google also claims that retaining such data enables it to prevent abuse of its advertising system. Having a record of IP addresses clicking ads makes sense in such instances but is it necessary to retain that data for two years? And why the need to retain cookies? One can see how having a record cookies could benefit Google commercially but it's hard to see how this can be related to security.
Like it or not, these are questions that Google needs to answer and the EU is absolutely correct to ask them.