“At the end of a four-month delay accorded to Google to comply with the European data protection directive and to implement effectively (our) recommendations, no answer has been given,” France’s CNIL said in a statement
CNIL, which led the probe on behalf of EU data-protection authorities, vowed EU regulators “are determined to act and continue their investigations” and their “repressive action.” CNIL did not elaborate on what those measures would entail.
In total, 12 recommendations were outlined in a letter signed by 24 of the EU’s 27 data regulators, following a nine-month investigation into Google’s data collection practices.
Among the proposed changes were the following:
• Google must “reinforce users’ consent”. It suggests this could be done by allowing its members to choose under what circumstances data about them was combined by asking them to click on dedicated buttons.
• The firm should offer a centralised opt-out tool and allow users to decide which of Google’s services provided data about them.
• Google should adapt its own tools so that it could limit data use to authorised purposes. For example, it should be able to use a person’s collated data to improve security efforts but not to target advertising.