On February 20, 2015, the Italian DPA approved the protocol that the authority will carry out in order to verify Google’s compliance with the requirements set forth with decision 3295641 to protect the privacy of Google’s service users in Italy.
The actual content of the approved protocol was not published, but according to the Italian DPA website, Google shall implement the privacy protection measures set forth by the Italian DPA by January 15, 2016. Meanwhile, the company shall provide quarterly updates on progress status, as well as allow the Italian DPA to carry out on-the-spot audits at Google’s US headquarters to verify that the implemented measures are compliant with Italian law. The DPA will also have the right to continuously monitor the changes that Google will implement with regard to the processing of the personal data of the users of its search engine, emailing services, YouTube and other social networking services.
The measures to be implemented according to decision 3295641 concern: (i) the information to be given to users (so as to clearly provide the most relevant information); (ii) the prior consent that shall be obtained for processing of personal data; (iii) the data retention periods; and (iv) the improvement of data deletion mechanisms. The measures apply to all services offered by Google in Italy.
Related documents:
- Directive 95/46/EC
- Directive 2009/136/CE
- Judgment C-131/12,
- WP29 Opinion n. 04/2012; WP 29 n. 2/2006; WP 29 n. 10/2004; Opinion WP 29 n. 04/2012; WP 29 n. 02/2013; WP 29 n. 10/2004
The order [doc. web n. 3738244] of January 22, 2015, approving the verification protocol is available at http://www.garanteprivacy.it…