Google has repeatedly indicated it believes its new policy complies with European law, and refused to delay implementation of the new policy so regulators could conduct a review.
When asked what about Google’s new policy could violate EU law, Reding replied: “In numerous respects. One is that nobody had been consulted, it is not in accordance with the law on transparency and it utilizes the data of private persons in order to hand it over to third parties, which is not what the users have agreed to.”
Reding acknowledged that gathering and use of personal information about users is at the core of many Internet businesses that earn money via advertising. However, she also lamented that online businesses seem to be ignoring basic data protection rules in the EU. “Illegality is taking over,” she noted.
CNIL says that by combining user data across its services, Google “makes it impossible to understand which purposes, personal data, recipients, or access rights are relevant to the use of a specific service,” which would be in violation of the European Data Protection Directive. CNIL plans to send Google a series of questions regarding its inquiry by mid-March. Google has indicated it is willing to address any concerns from CNIL.
CNIL previously fined Google in France for privacy violations surrounding its Street View service and Latitude geo-social application.