As it
had aknowledged last month, the French National Commission on Computing and Liberty (CNIL) has sent questions at Google about the new privacy policy it introduced at the start of this month.
The CNIL prepared
this questionnaire on behalf of and in cooperation with the Article 29 Working Party, that gathers the EU data protection authorities. The commission has asked Google to delay introduction of the new policy, which it says breaches E.U. data protection law, but Google refused.
This is the second letter sent to Google by CNIL, after the first
one sent early February.
The questionnaire includes 69 precise questions and aims at clarifying the consequences of this new policy for Google's users, whether they have a Google Account, are non authenticated users, or are passive users of Google's services on other websites (advertising, analytics, etc.).
CNIL highlights a significant omission from Google's new policy: face recognition. The feature is used in the Picasa desktop application linked to Google's online photo album service.
Another area of concern for the commission is Google's use of cookies to identify particular terminals, which would enable it to link all account users connecting to Google services through those terminals.
The commission also wants to know why users' personal information may not be removed from Google's backup systems even after a user has asked Google to remove it.
CNIL said that Google's answers would serve to assess if the combination of data across services complied with the European data protection framework.
The CNIL asked Google to provide written responses by April 5.