Google complies with Italian privacy audits
Few weeks go by without Google coming under fire for some privacy-related misdemeanor or other. In Italy, however, the search giant has just agreed to comply with measures put in place by the Data Protection Authority. Moreover, the company will be subjected to regular audits to make sure that everything is in order.
Google is required to make improvements not only to privacy notices for its various services, but also obtain consent from users to use their data in research and profiling. The right-to-be forgotten also rears its head again as the authority requires Google to investigate individuals' requests for search listing removals.
Services such as Gmail, YouTube and Google+ will be checked on a quarterly basis to ensure that each has its own specific privacy policy. Google will need to start explaining to its users when data is collected from each of these services and fed into a larger data for the purposes of user profiling. Should any changes be made to privacy policies, Google will have to maintain an easily accessible archive of previous versions to give people a chance to compare them.
The Italian DPA is also demanding that the company makes improvements to its handling of data storage and deletion. Specifically, Google will have to make changes to the processes used to anonymize data and implement a specific time-frame for deleting data from backup systems. The authority is also looking for Google to improve its data storage and deletion mechanisms for users' personal information.
The DPA said that Google has until the beginning of next year to comply:
For the first time in Europe, it will be the subject of regular checks to monitor progress status of the actions to bring its platform into line with domestic legislation. The Italian DPA approved the verification protocol referred to in its order of July 2014 to Mountain View. This marks a shift from the laying down of measures by the DPA to the practical implementation of such measures by Google, which will have to be fully compliant by 15 January 2016.
This is far from the first time Google's privacy policies have come under scrutiny, and the level of interest it attracts in Europe means it is unlikely to be the last.
Photo credit: Chukcha / Shutterstock