On July 10, 2014, the Italian Data Protection Authority issued  a resolution (no.353/2014) ordering Google Inc to comply with Italian privacy law in order to process personal data aimed at profiling its Italian end-users and their personality, analyzing consumption and commercial behaviour.Under the resolution, Google must implement specific rules referring to the privacy policy,  consent  and data retention if it plans to process the personal data of end- users of its website as well as any other Italian web sites owned by Google such as Gmail, GooglePlus, Google Wallet, YouTube, Street View, Google  Analytics.    

Privacy policy

Regarding prior information, Google must  provide its end-users with a privacy policy, which complies, inter alia, with  the Opinion no 10/2004 issued by WP 29. This states that Google must give its end-users complete and transparent information regarding the use of their personal data, explaining that their data is used and analysed in order to profile their commercial behaviour, and collected by means of cookies and other identifiers for profiling, such as fingerprinting.  

In addition, in order to use data of its end users for profiling and commercial advertising, Google is required to obtain the prior and informed consent, under article no.13 of the Italian Privacy Code, even from authenticated  users, such as users of gmail service, and to ensure  its users can exercise the right to object  to the processing of their personal data where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.

Delete data

Ultimately, Google is required to delete the data of end users, which have a Google account, under request, within a maximum period of two months, if their data is stored in the active systems  and within a period of 6 months if their data is stored in the back- up systems. Google must implement the resolution within 18 months, from the date of notification of the resolution and has to submit to the Italian Data Protection Authority its new standard of privacy policy and privacy protocol  within September 30, 2014