The French body also wanted to know whether Google was using “fingerprinting” where a website owner can identify a specific browser instance by using various data about the browser, such as screen size, IP address, fonts and extensions.
Google came under fire earlier this year after saying it wanted to share user data across its different services. Google said it was lumping all its different services’ privacy policies into one document to make things simpler, but some suspected more surreptitious, self-serving motivations.
“The CNIL deeply regrets that Google did not delay the application of the new policy, despite the first conclusions of our analysis regarding its compliance with the European data protection legislation,” CNIL said in its letter on Friday.
The letter revealed Google had offered to meet with the Article 29 Working Party, but CNIL said “a hearing would be premature”. “It is necessary that we receive responses to our questionnaire before we can reconsider this request,” CNIL said.
Google’s responses will not be published unless it gives consent. It has been asked to provide answers by 5 April.
Earlier this month, TechWeekEurope learned that Britain’s ICO would follow other regulators, if the Article 29 Working Party decided to punish Google. This is despite the ICO having tougher fining powers when compared to some other European nations.
Think you know Google’s secrets? Test your knowledge with our quiz.