France’s data privacy authority CNIL (acting under EU mandate) sent Google the following questionnaire in order to clarify a number of concerns on the policy’s implementation, Google’s due diligence vis-a-vis its users and compliance of the policy with EU regulations.
The EU’s Article 29 Working Party (grouping Member State data protection authorities) stated that it further needs to clarify the consequences of the policy for users; specifically different levels of users, such as whether or not they have a Google Account, are non-authenticated, or simply passive users of Google’s services through Google APIs via other websites and/or applications (advertising, analytics, etc.).
The CNIL asked Google to provide written responses by April 5. Under EU law, responses are confidential unless Google consents to their release.