CNIL verdict on Google privacy policy

CNIL's conclusions were presented on Tuesday this week to a press conference in Paris where CNIL's president Isabelle Falque-Pierrotin said the company had "three or four months" to make the revisions, otherwise "authorities in several countries can take action against Google".

In a letter to Google which was made public before the press conference Google has been told it should give clearer information about what data is being collected and for what purpose. It has also been told to give users more control over how information is combined.

CNIL has highlighted the following issues which need to be addressed:

• Google must "reinforce users' consent"
• Offer a centralised opt-out tool and allow users to decide which of Google's services provided data about them
• Google should adapt its own tools so that it could limit data use to authorised purposes

Google has been warned that if it does not take appropriate action CNIL would "enter a phase of litigation".

Google on the other hand have said that they are confident that their privacy notices "respect European law" and they are reviewing CNIL's findings.

It is encouraging to see that regulators are live to and taking privacy issues seriously. However the Google privacy policy is a classic example of balancing considerations of protection of rights and innovation. Larry Page Google's Chief Executive has said that without the current policy recent Google products would not be possible including for example the new Android app called "Google Now". It will be interesting to see what Google make of CNIL's conclusions and whether the required changes are made with or without the threatened litigation.

If you require advice on your privacy policy or any issues covered in this blog please contact John North, Head of Corporate and Commercial on 020 7583 2222 or [email protected] or Sonia Mohammed smm@royds.com.