Google has agreed to on-the-spot audits at its U.S. headquarters in order to comply with Italy’s data protection laws.
The Italian data protection authority (DPA) imposed several privacy measures on Google after an investigation into the company’s policies that was completed in July 2014. On Friday, the authority said Google will comply with all demands.
The process to verify compliance calls for the DPA to check up on Google’s progress at its U.S. headquarters. It remains unclear when that will happen, though. “There is no precise appointment at the moment but there is an agreement to be able to go there,” a spokesman for the authority said.
Google will also be subject to quarterly checks in Italy to monitor progress, the authority said. It’s the first time that is being subjected to such checks by a European authority, the DPA said.
It will also have to provide details about which data is being collected and what it will be used for. For example, it will have to tell users if their data is combined across multiple services. If Google wants to profile its users, it can only do so after it has obtained informed consent, the DPA said.
Google will also have to improve the way it stores and deletes data. In particular, there should be a specific time frame in which data will be deleted from Google’s systems. Internal rules on anonymization of personal data will have to be revised to be compliant with the guidance already provided by European DPAs.
A Google spokesman said it would continue to work with the Italian DPA. It will have to implement the measures by February 2016.