* Google sends first batch of answers to France’s CNIL
* French regulator is leading a Europe-wide inquiry
* Rest of answers due April 15
* Google could face administrative sanctions, fines
By Leila Abboud and Claire Davenport
Google sent responses to half of the questions asked by France’s Commission Nationale de l‘Informatique (CNIL) about three weeks ago in the form of an 18-page letter and a lengthy annex. It will provide the rest by April 15.
The CNIL will then analyse the responses in its role as the leader of the investigation on behalf of data protection regulators in Europe’s 27 member states. The CNIL has already said it has “strong doubts” that Google’s new approach to privacy complies with European law.
French data protection watchdog in March asked Google to explain what it will do with user data it collects, how long it will store it and whether it will be linked to the person’s real identity, as well as the legal justification for its approach.
Jacob Kohnstamm, who heads the Netherlands’ data protection authority and the pan-European advisory body that gathers all such regulators, told Reuters that the investigation could lead Google to face a range of sanctions.
The CNIL can either issue an administrative caution, giving the company anything from a week to a few months to rectify their actions, or an outright fine, Kohnstamm said, explaining that many countries in the EU approach breaches differently.
Google’s global privacy counsel Peter Fleischer said in his letter to the CNIL that the company was committed to providing users with comprehensive privacy information and willing to meet European regulators to explain its approach.
“We are convinced that the overall package of our privacy notices respects completely the requirements of European data protection law,” wrote Fleischer.
The U.S. company also said it will pool data it collects on individual users across its services, allowing it to better tailor search results and improve service.
Users cannot opt out of the new policy, which took effect in early March, if they want to continue using Google’s services.
The debate over data privacy comes at a delicate time for Google, whose business model is based on giving away free search, email, and other services while making money by selling user-targeted advertising.
It is already being investigated by the EU’s competition authority over how it ranks search results and whether it favours its own products over rival services. EU Competition Commissioner Joaquin Almunia said last month he would decide whether to formally charge Google after Easter on April 8 or drop the investigation which began in 2010.
The European Union is also in the process of writing a new law to tighten data protection online, which includes creating a so-called right to be forgotten to allow people under some circumstances to request to have data they submitted or posted on websites removed.
Among the issues the CNIL raised in its questions was whether Google will track people using mapping or search their smartphones and use facial recognition technology on users’ photos.
In the first batch of responses to the CNIL, Google said that it did gather and process location data on its users when they used services such as Google Maps and social network Google+ but that it was on an opt-in basis.
As for the facial recognition feature, dubbed ‘Find my Face’, Google said it was purely optional and users of the social network can easily turn it off.
CNIL also asked 21 out of its 69 questions about Google’s plans to share the data it collects on users across its services, but Google has not yet responded to them.