A spokesperson for CNIL told the press:
“Google did not provide any precise and effective answers. In this context, the EU data protection authorities are committed to act and continue their investigations. Therefore, they propose to set up a working group, led by the CNIL, in order to coordinate their reaction, which should take place before summer.”
Google, however, insists its actions were perfectly legal and that it did respect EU law:
“We have engaged fully with the CNIL throughout this process, and we’ll continue to do so going forward.” the firm told the BBC.
The EU data protection authorities made 12 recommendations in total. These were outlined in a letter signed by 24 of the EU’s 27 data regulators, following a nine-month investigation into Google’s data collection practices. Among the proposed changes were the following:
- Google must “reinforce users’ consent”. This could be done, it argues, by allowing its members to choose under what circumstances data about them was combined by asking them to click on dedicated buttons.
- Google should offer a centralised opt-out tool and allow users to decide which of Google’s services provided data about them.
- Google should adapt its own tools so that it could limit data use to authorised purposes. For example, it should be able to use a person’s collated data to improve security efforts but not to target advertising.