Google Privacy Report Due in September, France’s CNIL Says

July 10 (Bloomberg) -- France’s data-protection authority will report to other European regulators by early September on Google Inc.’s changes to its privacy policies.

Google’s responses to the regulator’s second round of questions came about two weeks late, delaying the report, Isabelle Falque-Pierrotin, head of the agency, said today. Google’s responses to initial queries weren’t “entirely satisfactory,” she said.

“We have been engaged in extremely close discussions” with Google on privacy policies, Falque-Pierrotin said at a Paris press conference for the release of the agency’s annual report.

Google’s privacy protections are “the key subject” for European data protection authorities, Falque-Pierrotin said. The agencies, known collectively as the Article 29 Working Group, asked CNIL, or the National Commission for Computing and Civil Liberties, to review Google’s policy changes after the Mountain View, California-based company in January announced an overhaul to comply with European standards.

Google filed its response to the regulator’s second round of queries on June 21.

“Our new simple, easy-to-read Privacy Policy is supplemented by a vast array of contextual, in-product privacy notices” and is “in compliance with European data protection principles,” according to a cover letter from Peter Fleischer, Google’s global privacy counsel.

As part of his letter, Fleischer asked Falque-Pierrotin to identify the “law you are applying to this review, and the nature of the legal basis for any recommendations or conclusions you may arrive at.”

Under Review

Google declined to comment further on the review, spokesman Anthony House said today.

Twitter Inc. “is part of the list” of online companies with personal data policies that are under review, and it has submitted responses to CNIL queries, Falque-Pierrotin said. CNIL wants to ensure that “users are fully informed that their tweets can be used at other times,” she said, referring to posts on Twitter.

San Francisco-based Twitter, which is closely held, didn’t immediately respond to an e-mailed request for comment.

CNIL is also studying how U.S. authorities investigating money laundering and other crimes study Europeans’ personal data, including banking and travel records.

“Very honestly, the precise uses of the information by the American authorities seems to me to be extremely vague,” Falque-Pierrotin said. “It’s a subject on which we are extremely mobilized.”

At CNIL’s urging, privacy authorities in Ireland are conducting a second audit of Facebook Inc.’s Dublin facilities to ensure the company complies with EU rules, after the French found the company’s initial responses inadequate. The Irish report is expected by early September, Falque-Pierrotin said.

To contact the reporter on this story: Heather Smith in Paris at

To contact the editor responsible for this story: Anthony Aarons at