The CNIL has recently ordered Google to comply with the French data protection law within three months. This action has been taken in the context of a European initiative involving several data protection authorities and aiming at protecting the privacy of Google’s users.
The enforcement notice sent by the CNIL to Google on 20 June results from an analysis conducted by the European data protection authorities, assembled within the Article 29 Working Party.
On the same day, the Spanish authority formally launched an enforcement procedure against the company based in Mountain View, and the Italian authority stated that it was seeking additional clarifications from Google and that Google’s answers would be assessed in order to take measures as appropriate, including injunctions or sanctions – if required by the applicable law.
Other European authorities have initiated formal procedures to evaluate the compliance of Google’s services with their respective national laws, and request changes if needed.
Although they are based on a European directive, national data protection laws are slightly different. Nevertheless, the breaches pointed out by the data protection authorities are similar:
European authorities will continue their investigations and discussions with Google during the summer, with due respect for their national procedures. The CNIL and the ICO have formally asked Google to implement their recommendations and comply with their respective national laws by 20 September. If Google fails to comply, the CNIL and the ICO will be able to issue penalties.