* Italian watchdog says Google practices still inadequate
* Google says will continue to cooperate with regulator
* Roadmap of measures to comply fully seen by end September
(Adds details on regulator's decision, source on possible
By Danilo Masoni
MILAN, July 21 Italy's data protection regulator
has given Google 18 months to change the way it treats
and stores user data, bringing to an end an investigation that
is part of a European drive to reform the internet giant's
Regulators in several European nations including Italy began
a joint inquiry last year after Google consolidated its 60
privacy policies into one, combining data collected on
individual users across its services, including YouTube, Gmail
and social network Google+. It gave users no means to opt out.
In a statement on Monday, the Italian watchdog said Google's
disclosure to users on how their data was being treated remained
inadequate, despite the company having taken steps to abide by
The watchdog gave the group 18 months to comply fully and
indicated a series of measures Google must put into practice.
The Rome-based regulator said Google would not be allowed to
use the data to profile users without their prior consent and
would have to tell them explicitly that the profiling was being
done for commercial purposes. It also demanded that requests
from users with a Google account to delete their personal data
be met in up to two months.
A spokesman for Google said the company had always
cooperated with the regulator and would continue to do so,
adding it would carefully review the regulator's decision before
taking any further steps.
As part of the process, Google also agreed to present a
document by the end of September that will set a roadmap of
steps to comply fully with the Italian regulator's decision.
A source familiar with the regulator said should Google not
comply it could risk fines of up to about 1 million euros, a
tiny fraction of Google's income, as well as possible criminal
Regulators in France and Spain have already fined Google for
breaking local laws on data protection, underscoring growing
concerns across Europe about the volume of personal data that is
held in foreign jurisdictions.
In Britain, the ICO regulator gave Google until September 20
last year to make changes to bring the policy into line with
local law. On Monday a spokesman did not return a request for
comment asking for an update on the case.
In the Netherlands, the data protection regulator found in
law. A spokeswoman said the Dutch regulator was still weighing
whether to take enforcement measures, which can include fines.
In a separate regulatory development, Google is taking
initial steps to meet a European ruling that citizens can have
objectionable links removed from Internet search results, a
ruling that pleased privacy campaigners but raised fears that
the right could be abused to hide negative information.
(Reporting by Danilo Masoni and Leila Abboud; editing by Sophie
Walker and David Clarke)