Back in February, the French data protection regulator, CNIL, called out Google for failing “to come into compliance” within the four month period set out by the original October report into the policy, conducted by the Article 29 Working Party — and said Mountain View would therefore face additional action. Representatives of Google met with the CNIL-led taskforce last month but, according to CNIL, “following this meeting, no change has been seen” — thereby triggering today’s national actions.
The CNIL’s release states:
It is now up to each national data protection authority to carry out further investigations according to the provisions of its national law transposing European legislation. Consequently, all the authorities composing the taskforce have launched actions on 2 April 2013 on the basis of the provisions laid down in their respective national legislation (investigations, inspections, etc.)
In particular, the CNIL notified Google of the initiation of an inspection procedure and that it had set up an international administrative cooperation procedure with its counterparts in the taskforce.
This latest brush with Europe’s data protection watchdogs was triggered by Google’s action last year to consolidate more than 60 separate product privacy notices into one unified policy. After an investigation, European privacy regulators published a list of privacy recommendations for Google, including suggesting the company should make it clearer to users how their personal information may be used, and how it is collected and collated from different services. They also wanted Google to offer users an opt-out. It is these recommendations that Google has apparently failed to comply with, resulting in today’s actions.
It’s unclear whether the European action contributed to the departure of Google’s director of privacy Alma Whitten, announced yesterday.