When asked if this means that Google will actually delete data from all backups upon request after an additional period of time, Google responded: "Google has documented policies and processes covering deletion of user data from back-up tapes." It is impossible to provide an upper bound to the additional retention period needed to delete data from all backups, because that time varies from case to case, the company added.
Google also failed to specify the maximum additional retention period for data deleted by authenticated users, although it did say that its unspecified backup and retention policies "would, for example, enable us to restore a maliciously deleted user account."
The privacy regulators are particularly interested in the so-called "PREF" cookie and in the DoubleClick cookie, used for serving ads. Google explained in the first batch of answers that the PREF cookie is used to store user preferences and other information such as preferred language, how many search results users wish to have shown per page and whether the SafeSearch filter should be switched on.
CNIL has started a legal and technical analysis of Google's answers, its communications officer Elsa Trochet-Macé said in an email on Friday.
"We first needed to send our questionnaire and receive written answers before meeting Google," she said, adding that there could be a discussion with Google and the Article 29 Working Party later.
Loek covers all things tech for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to email@example.com