Though the news conference was set in Paris, the regulators from 27 European nations sought to invoke what they said were universal principles of data privacy, with users having control over what kind of personal information is collected, how it’s used and how long it’s kept. Particular care, officials said, should be taken with credit card and biometric data.
This approach won the endorsement of fellow regulators in Mexico, Australia, Hong Kong, Canada and Macao, who offered a letter of support. But a request for an endorsement from the U.S. Federal Trade Commission was declined, said Isabelle Falque-Pierrotin, head of the French Data Protection Authority, which took the lead in the investigation.
“We would have been happy if they would have signed it,” Falque-Pierrotin said in an interview Tuesday. “I think they will study it and have their own conclusions.”
The request came in Brussels last week, where the FTC’s director of the Bureau of Consumer Protection, David C. Vladeck, was attending meetings related to a privacy bill before the European Parliament. In an interview Tuesday, Vladeck confirmed that the French had approached him about the matter, but he declined to discuss his response. He also declined to say whether the FTC is investigating any of the privacy issues raised by the other regulators.
Tuesday’s letter from European regulators, however, identified significant legal shortcomings and offered detailed suggestions on how to remedy them. Falque-Pierrotin, the French regulator, said the company has three or four months to bring its policy into compliance.
“If Google doesn’t do anything, we will be right ready to take sanctions,” she said.
Google did not immediately announce any changes to its policy.
For the FTC, requests to join such such a sweeping and public declaration could have been complicated by an ongoing regulatory matter. The FTC signed a consent decree last year with Google over allegations that its Google Buzz social-media service violated the privacy of users by using their e-mail contacts to develop the service. Some users had their contacts revealed publicly online.
That decree imposed a 20-year review period. When Google allegedly violated the decree through its handling of cookies on Apple’s Safari browser, the FTC imposed a record $22.5 million fine in July. The FTC also is in the final phases of deciding whether to sue Google over antitrust allegations.