This mass gathering and storing of personal data has caused concern for the European Data Protection authorities.
The investigation and its findings
As part of the investigations, the CNIL sent Google two questionnaires which were returned and answered on 20 April 2012 and 21 June 2012. The CNIL felt some of the answers Google gave were ‘incomplete and approximate’ and admitted that there were still some ‘grey areas’ which needed further explanation. On the basis of their analysis and Google’s questionnaires, the CNIL published a report on their findings.
The findings by the European Data Protection Authorities, published on 16 October 2012, raised three primary concerns:
- Google does not provide, or provides insufficient, information on the purposes of collecting the data. Currently Google does not provide information to the user on what data is processed and the purpose of collecting such data.
- There is no limit on the scope of collection of data across different services. ‘Google does not collect the unambiguous consent of the user’ on which service they gather data from.
- Google has not indicated the retention period of data.
CNIL has recommended that Google should:
- Provide a breakdown of its personal data ‘processing operations’ detailing ‘when, why and how such data are collected’
- Seek users consent before gathering data and implement ‘opt out’ procedures to allow users the choice to having their personal data collected.
- Define the retention period of such data.
What happens now?
Google have confirmed they have received, and are currently reviewing, the report. It may take some time before any action is taken, as the European Data Protection Commissioners have not set a deadline for a response.
This could be the start of a very long process of discussions, further investigations and analysis between the European Data Protection authorities and Google, which could potentially take weeks, if not months, to resolve.
For more information see:
- Letter to Google from CNIL
- Appendix from CNIL sent to Google
- CNIL’s press release
- TED talk from last year on how filtering and targeting affects your internet experience
Wilson Wong is a Commercial Paralegal at small London firm and part time evening LPC student. He is particularly interested in Technology, IP and Media law.