Google to comply with the privacy measures set forth by the Italian DPA. Verification protocol approved by the DPA
Google to comply with the privacy measures set forth by the Italian DPA
Verification protocol approved by the DPA
Google will implement all the measures imposed by the Italian DPA to protect Italian users' privacy. For the first time in Europe, it will be the subject of regular checks to monitor progress status of the actions to bring its platform into line with domestic legislation.
The Italian DPA approved the verification protocol referred to in its order of July 2014 to Mountain View. This marks a shift from the laying down of measures by the DPA to the practical implementation of such measures by Google, which will have to be fully compliant by 15 January 2016.
The protocol envisages quarterly updates on progress status and empowers the DPA to carry out on-the-spot checks at Google's US headquarters to verify whether the measures being implemented are in compliance with Italian law.
The protocol enables the DPA to continuously monitor the changes Google is required to make to the processing of personal data relating to users of its services – including its search engine, emailing, YouTube and social networking services.
The key measures Google is to implement in the course of 2015 are summarized below:
Google will have to set up an archive including previous versions of its privacy notices to allow users to keep track of the changes made over time.
In order to profile users of its services, Google will have to first obtain their informed consent. This requirement will have to be implemented, though via different mechanisms, both for new accounts and for existing Google accounts.
All data subjects will have to be afforded in any case the right to object to the processing of their data for profiling purposes.
Data Storage and Deletion
The US giant will have to further improve its data storage and deletion mechanisms as for users' personal information. In particular, a specific timeframe will have to be in place regarding data deletion from both online and back-up systems.
Internal rules on anonymization will have to be revised to ensure that the relevant procedures are fully effective and compliant with the guidance already provided by European DPAs.
Users' Requests for Delisting Search Results
An exchange of information will continue regarding delisting requests received by Google from Italian users so as to monitor the implementing arrangements of the so-called right to be forgotten.
Rome, 20 February 2015