The regulators stopped short of saying Google was acting illegally but published a list of privacy recommendations for Google, including suggesting the company should make it clearer to users how their personal information may be used, and how it is collected and collated from different services. The regulators also wanted Google to offer users an opt out. At the time, Google told TechCrunch it was reviewing the report, adding: “We are confident that our privacy notices respect European law.”
“On 18 February, the European authorities find that Google does not give a precise answer and operational recommendations. Under these circumstances, they are determined to act and pursue their investigations,” the CNIL said in its statement (translated from French with Google translate).
According to the statement, the European regulators intend to set up a working group, led by CNIL, to “coordinate their enforcement action” against Google — with the working group due to be established before the summer. An action plan for tackling the issue was drawn up at a meeting of the regulators late last month, and will be “submitted for validation” later this month, they added.
Separately, the European Commission is in the process of reforming European privacy rules – with proposals to harmonize regulation across all member states, and strengthen independent national data protection authorities, including giving them the ability to fine companies up to €1 million ($1.27 million) or up to 2 percent of their global annual turnover. As part of this reform the EC is proposing European internet users should be able to exercise a right to be forgotten by requesting that companies delete any personal data held on them — so long as there are no legitimate grounds to retain it.