Google’s privacy policy: Italians probing a little deeper

Google is to be subject to regular on-site spot checks by the Italian data protection regulator under moves to ensure the Chocolate Factory complies with the country's privacy laws.

"For the first time in Europe, it will be the subject of regular checks to monitor progress status of the actions to bring its platform into line with domestic legislation," said the county's data protection authority.

These actions include improving its privacy policy by making it unambiguous and easily accessible; ensuring it obtains informed consent of users before profiling its services to them; and improvements to its data storage and deletion mechanisms.

Quarterly updates on the firm's progress will be conducted, with the regulator to carry out on-the-spot checks at Google's US headquarters to verify whether the measures being implemented are in compliance with Italian law.

Google will have to be fully compliant with the measures by 15 January 2016.

Many will view the latest decision as a further victory for European data protection regulators, with Google last month agreeing to change its privacy policy to comply with Blighty's Data Protection Act.

The UK's Information Commissioners' Office has finally managed to get Google to change its privacy policy. The giant ad broker was slapped by back in July 2013 for being "too vague" when describing how it uses personal data gathered from its web services and products.

In March 2012, Google introduced a new privacy policy which combined around 70 existing policies for various services. The ICO ruled that this new policy did not include sufficient information for users as to how and why their personal data were being collected.

Google has now signed a formal undertaking to improve the information it provides to people about how it collects personal data in the UK.

The controversial changes sparked a joint regulatory investigation from a number of European Union countries, which was led by France's Commission Nationale de l’Informatique et des Libertés (CNIL).

El Reg contacted Google this morning, and was told that "as we said in July last year, we've engaged fully with the Garante throughout this process and will continue to do so".

The spokesperson went on that this "is a procedural step by the [Italian] DPA that simply confirms what was already agreed last year after the DPA issued its order, and there's nothing new here.

"Please note also that the UK DPA recently closed its investigation, and we've dropped our legal appeals against last year's French and Spanish DPAs rulings," the spokesperson concluded. ®