On July 21, 2014, the Italian Data Protection Authority published resolution no. 353 of July 10, 2014, which stated that Google Inc shall have to comply with the Italian privacy law in order to process personal data aimed at profiling its Italian end-users and their personality, analyzing consumption patterns and/or choices.

This resolution set out specific rules referring to the privacy policy, consent and data retention that Googls Inc shall have to implement in order to process personal data of end-users of the web site: www.google.it and any other Italian web sites owned by Google Inc, such as Gmail, GooglePlus, Google Wallet, YouTube, Street View, Google Analytics.

Under this resolution, Google Inc shall have to provide its end-users with a privacy policy,which complies inter alia with the Opinion no 10/2004 issued by WP 29. Google Inc must give its end-users a complete and transparent information regarding the use of their personal data, explaining that their data are used and analyzed in order to profile their commercial behavior, and collected by means of cookies and other identifiers for profiling, such as fingerprinting.

In addition, in order to use data of its end – users for profiling and behavioral and commercial advertising, Google Inc is required to obtain the prior and informed consent, under article no. 13 of the Italian Privacy Code, even from authenticated users, such as users of gmail service, and to ensure its users to exercise the right to object to the processing of their personal data where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.

Ultimately, Google Inc shall retain end –users’ personal data for a determined period.

In addition, Google Inc is required to delete data of end users, which have a Google account, under request, within a maximum period of two months, if their data are stored in the active systems and within a period of 6 months if their data are stored in the back-up systems.

Google shall have to implement the resolution within 18 months, from the date of notification of the resolution and have to submit the Italian Data Protection Authority its new standard of privacy policy and privacy protocol within September 30, 2014.