Google may face a coordinated crackdown by privacy regulators in Europe before this summer unless the Web giant makes dramatic changes to how it manages user data.
France's privacy watchdog said today that Google had yet to respond with "precise and effective" answers to a dozen recommendations unanimously adopted by 27 national regulators last October and as a result could face a coordinated "repressive action." The Article 29 Working Party, a group of data protection officials from each member states, is expected to vote on the proposal at the end of the month.
"European data protection authorities have noted that Google did not provide any precise and effective answers to their recommendations," Commission Nationale de l'Informatique et des Libertes (CNIL), the organization that has aggressively led the probe against Google, said in a statement today.
"In this context, the EU data protection authorities are committed to act and continue their investigations. Therefore, they propose to set up a working group, lead by the CNIL, in order to coordinate their repressive action which should take place before summer," the CNIL said.
Saying that the Web giant was not in compliance with European law, the group suggested that Google should strengthen the consent sought for combining data for the purposes of service improvement and advertising; provide a centralized opt-out solution; and adapt the combination rules to distinguish between security and advertising. Google was also warned about not clarifying how long it stores user data.
Opponents of the change sued, saying the move was designed to increase the company's advertising effectiveness. EU officials asked that Google delay implementing its new policy until the privacy implications can be analyzed, but the Web giant declined, saying it had it extensively pre-briefed privacy regulators on the changes and that no objections were raised at the time.
Updated at 6 p.m. PT with Google comment.