On 16 October and after studying Google's revised policy in depth, the EU privacy watchdogs sent a letter to the ‘leader in the online world’, requesting it to explain its intentions and methods for combining data collected from its various services and to give its users more control over how the information is compiled. The authorities also proposed 12 'practical recommendations' and requested Google to modify its practices accordingly, including:
- 'reinforce users' consent' by allowing them to choose under what circumstances and for purposes their data is combined, for instance by asking them to click on dedicated buttons;
- offer a centralised opt-out tool allowing users to object their data to be combined for certain Google's services or purposes; and
- adapt Google’s tools used for the combination of data so that it remains limited to the authorised purposes, e.g. by allowing the consumer simplicity to permit the collection of its data for security or targeted advertising.
The regulators said that Google had enough time to accede and make some changes since originally warned earlier this year and had threatened with possible fines or legal actions unless Google takes action. However, it remains uncertain whether CNIL will levy a fine on the company and whether other EU authorities will follow suit.
This is a ‘significant step in the mobilisation of EU authorities’ to enforce online privacy law, putting the consumers in control of their personal information and ensuring that large companies, such as Google, will not easily disregard their customers’ privacy in pursuit of greater profits.