CNIL is the French data protection agency which “…is responsible for ensuring that information technology remains at the service of citizens, and does not jeopardize human identity or breach human rights, privacy or individual or public liberties.”
In October 2012 the CNIL sent a letter which included this statement about the Google’s response to the EU’s inquiry:
The letter included these three legal issues:
- Firstly, the investigation showed that Google provides insufficient information to its users (including passive users), especially on the purposes and the categories of data being processed.
- Secondly, the investigation confirmed our concerns about the combination of data across services.
- Finally, Google failed to provide retention periods for the personal data it processes.
However in the April 2nd announcement the CNIL stated that “Google has not implemented any significant compliance measures.” It will be interesting to see the outcome and its impact on Google and privacy.