By Dan Cooper & Ezra Steinhardt
The report, released together with an annex, makes a number of recommendations to Google, including, for example, recommendations:
- That Google enhance its notices to users by becoming more specific about what types of data Google processes and combines, and for which services; by introducing new interactive privacy notices; by adding more in-product and product-specific privacy information; and so on.
- That Google simplify the various opt-out mechanisms that it provides to users, and to make them available in “one place”;
- That Google obtain explicit user consent for the combination of user data for certain purposes.
A variety of other recommendations are also made in the Annex (for example, Google is asked to clarify that users are not required to sign up to Google Accounts using their real names).
In a morning press conference, CNIL President Isabelle Falque-Pierrotin said that she would allow Google a period of “a few months” to respond to the recommendations. If Google takes no action by that time, she said the CNIL will consider litigating against Google in national French courts.
In a separate letter, other data protection authorities, from Australia, Canada, Mexico, Hong Kong and Macao (representing the Asia Pacific Privacy Authorities Forum) also endorsed the findings.