MarketingRegulationSecuritySurveillance-ITWorkspace

French Watchdog’s 69 Probes Latch Onto Google’s Privates

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

French regulator CNIL reveals the 69 questions it asked on Google’s privacy policy

French data protection watchdog CNIL has published the 69 questions it sent to Google over its privacy practices.

CNIL sent Google a letter on 16 March, including a lengthy questionnaire. In it, Google is asked to say how many complaints it received over the privacy policy changes, how non-account holders will be affected and in which instances the company collects personal data, amongst other questions.

The questionnaire asks for detailed information on Google’s use of cookies, asking the company to indicate how it informs users and collects consent for cookies that are not ‘strictly necessary’ to provide a service. Under new EU-wide laws, businesses have to get consent from users before installing cookies on their browsers.

Dirty fingerprints?

The French body also wanted to know whether Google was using “fingerprinting” where a website owner can identify a specific browser instance by using various data about the browser, such as screen size, IP address, fonts and extensions.

CNIL has taken the lead for Europe on probing Google over its privacy policy, as agreed by the Article 29 Working Party that includes the UK watchdog – the Information Commissioner’s Office (ICO) – as well as all other European data protection authorities. All members of the group contributed questions for Google.

Google came under fire earlier this year after saying it wanted to share user data across its different services. Google said it was lumping all its different services’ privacy policies into one document to make things simpler, but some suspected more surreptitious, self-serving motivations.

Even EU Justice Commissioner Viviane Reding stepped in to question whether the changes were legal. Despite widespread concern, Google introduced its slimmer privacy policy on 1 March.

“The CNIL deeply regrets that Google did not delay the application of the new policy, despite the first conclusions of our analysis regarding its compliance with the European data protection legislation,” CNIL said in its letter on Friday.

The letter revealed Google had offered to meet with the Article 29 Working Party, but CNIL said “a hearing would be premature”. “It is necessary that we receive responses to our questionnaire before we can reconsider this request,” CNIL said.

Google’s responses will not be published unless it gives consent.  It has been asked to provide answers by 5 April.

Earlier this month, TechWeekEurope learned that Britain’s ICO would follow other regulators, if the Article 29 Working Party decided to punish Google. This is despite the ICO having tougher fining powers when compared to some other European nations.

Think you know Google’s secrets? Test your knowledge with our quiz.