The actions came on the heels of an investigation carried out by the Article 29 Data Protection Working Party, an independent advisory group established by the European Parliament for purposes of protecting personal data and free movement of such.
According to the CNIL press release, the Article 29 Working Party carried out an investigation from March through October 2012. CNIL was mandated to lead the investigation. In light of the Working Party’s findings, EU Data protection authorities forwarded Google a set of recommendations and asked for its compliance within four months.
A copy of a letter from the Working Party to Google published by Ireland’s Data Protection Commissioner reveals that these recommendations included – among other things – the suggestion that Google should disclose the ways in which personal data will be processed on each distinct service, and that it should detail how data would be combined across services.
Google did not meet this deadline, and did not institute any changes following a meeting with the data protection authorities of the six countries filing actions.
According to CNIL, “The article 29 working party’s analysis is finalized. It is now up to each national data protection authority to carry out further investigations according to the provisions of its national law transposing European legislation.”