Italy’s data privacy watchdog said Google had agreed to it conducting inspections at its Californian headquarters, the first time a European Union regulator will make checks on the company inside U.S. territory.
Friday’s announcement represents the latest privacy challenge for the company in the EU and underscores the willingness of the 28-member bloc to ensure its citizens’ data are treated according to EU law, even when held in foreign jurisdictions.
Google has been under investigation by several EU data protection authorities (DPAs) since it consolidated some 70 existing privacy policies into one in March 2012, combining data collected on individual users across its services, including YouTube, Gmail and social network Google+.
It gave users no means to opt out.
On Friday the Italian data protection authority said Google had agreed to put in place all the privacy protections required of it and to submit to regular checks. It said Google had until Jan. 15, 2016 to implement changes in how it treats and stores users’ data.
“For the first time in Europe, it (Google) will be the subject of regular checks to monitor progress … of the actions to bring its platform into line with domestic legislation,” the DPA said.
A Google spokeswoman said: “As we said in July last year, we have fully engaged with (the Italian regulator) … throughout this process and will continue to do so,” but did not confirm the details of any agreement.
The authority said it expected quarterly updates on progress and reserved the right to inspect Google’s headquarters to verify if its treatment of Italians’ data complied with the rules.
Under changes agreed on Friday, Google will have to make clear to users how their data would be used, the regulator said, adding Google would not be allowed to use data to profile users without their prior consent and would have to guarantee them the right to oppose their information being used in such profiling.
Regulators in France and Spain have fined Google for breaking local laws on data protection.