By Jeff Gould, SafeGov.
The CNIL stated:
- The company does not sufficiently inform its users of the conditions in which their personal data are processed, nor of the purposes of this processing. They may therefore neither understand the purposes for which their data are collected, which are not specific as the law requires, nor the ambit of the data collected through the different services concerned. Consequently, they are not able to exercise their rights, in particular their right of access, objection or deletion.
- The company does not comply with its obligation to obtain user consent prior to the storage of cookies on their terminals.
- It fails to define retention periods applicable to the data which it processes.
- Finally, it permits itself to combine all the data it collects about its users across all of its services without any legal basis.
The full announcement can be found here.
SafeGov’s statement is as follows:
“Google’s continued violation of and obstinacy against EU data protection rules is deeply concerning, not just to the average consumer, but also to the schools, governments, hospitals and businesses that Google is increasingly targeting. There is an inherent conflict of interest in allowing the world’s largest advertising company to collect, process and store such sensitive personal data. We encourage Data Protection Authorities to look specifically at this issue as they continue to investigate privacy abuses.”
Jeff Gould has 20 years of experience in technology publishing and IT market research. Jeff currently serves as the president of SafeGov Inc.