It is a move announced a few hours after that the French agency for data protection, CNIL, give an ultimatum to the company to comply with the laws of the country. The AEDP states “agreed the start of this research in the framework of a coordinated action with the Data Protection Authorities of Germany, France, Holland, Italy and the UK “.
In Spain, the procedure is to clarify, among other things, whether the combination of data from various services complies with the guarantees of information to users, if the aims and proportionality for which information is used legitimizes treating and if data retention periods and options for users to exercise their rights of access, rectification, cancellation and opposition meet the Organic Law on Data Protection.
Five serious infractions and a slight
The beginning of this disciplinary proceeding occurs after finishing the previous research conducted by the AEPD, which allowed a finding ofevidence of the commission of a total of six offenses , five of them serious that could lead to a fine of up to 300,000 euros and a slight-of LOPD.
Among the signs detected by the Spanish agency, it notes that ” Google does not report clearly on the use to be made of data it collects from users , so they can not know precisely what ends justify the collection of their personal data or the use to be made of the same “.
In addition, unified privacy policies allow the company, according to the AEPD, “combine personal information with service to others and use it for other purposes.”
Besides suspect that Google “could be doing a disproportionate treatment of user data,” the company “could be preserving user data indefinitely or unreasonable” .
Finally, it alleges that “the tools offered by Google to exercise the rights of access, rectification, cancellation and opposition are scattered , are not available to all users, are incomplete and appear with names that do not always correspond to the subject is about. “