European privacy regulators are breathing down Google's neck over the changes the search giant recently made to its policies. CNIL has pelted Google with numerous requests for details about how it would execute its policies, and so far isn't satisfied with the answers it's been getting. Stonewalling is Google's M.O. when it comes to regulatory requests, said John M. Simpson, Consumer Watchdog's privacy project director.
The French National Commission on Computing and Liberty (CNIL) is running up against what seems to be a chronic problem with Google: difficulty in getting all of the information it requested.
CNIL duly thanked Google for its cooperation but noted that its answers were "often incomplete or approximate," and so launched another round of questions for clarification, which Google has until June 8 to answer.
CNIL gave a few hints as to which of its 69 questions Google hedged on. It noted that Google has not provided a practical answer on the way the Europe's Privacy Directive is applied for Google's "passive users" — that is, the persons who use Google services such as advertising, analytics and its +1 button when they visit third-party websites.
It also said that Google has not provided a maximum retention period for the data, and that it would like to clarify the actual effects of Google's opt-out mechanisms and their validity as a means to exercising the right to oppose.
CNIL did not respond to our request for further details.
"We have received the CNIL's follow-up questions, and we are reviewing them," said Google Privacy Counsel Peter Fleischer. "We are confident that our privacy notices respect the requirements of European data protection laws."
69 Very Long Questions
Certainly the CNIL questionnaire is a lengthy one, with very detailed questions. Consider No. 25: "What does Google mean by 'personally identifiable information' in the sentence 'we will not combine DoubleClick cookie information with personally identifiable information unless we have your opt-in consent'? Does this 'personally identifiable information' include the following data collected by Google when using Google services:
A) IP-addresses and/or
B) unique device identifiers and/or
C) telephone numbers and/or
D) geolocation data."
Stonewalling is Google's M.O. when it comes to regulatory requests, John M. Simpson, Consumer Watchdog's privacy project director, told the E-Commerce Times.
"Google did it with the FCC over its inquiry into the StreetView project," he said. "The FCC fined Google (US)$25,000 because it dragged its feet in responding."
Google has said it fully cooperated with the inquiry.
"Google's constant footdragging and obstructionist tactics when it comes to dealings with regulatory authorities is finally catching up with them," said Simpson.