The Italian Competition Authority (AGCM) has closed its investigation into Google’s request for user consent to link its services, concluding the case with binding commitments that significantly enhance the clarity and freedom of users’ choices regarding the combined use of their personal data. The proceeding, opened in July 2024, examined whether Google’s previous consent flow—introduced to comply with Article 5(2) of the Digital Markets Act (DMA)—failed to provide sufficiently complete and comprehensible information and risked exerting undue pressure on users.
The Authority determined that the original consent request focused primarily on the concept of “linking services” without clearly explaining that such linking enabled the cross-use and combination of personal data across Google’s extensive ecosystem, including artificial intelligence services such as Gemini. It also noted the absence of clear references to the full range of services affected, the lack of visibility on users’ ability to tailor their consent, and the temporary blocking of services such as Google Search while awaiting a user decision.
In the commitments accepted by the AGCM, Google has agreed to provide more rigorous and accessible information on the implications of consent for personal data processing, the variety of services involved, and the possibility of selecting only specific services to be linked. The company will also clarify that declining consent does not significantly alter most functionalities, addressing earlier concerns about wording that could intimidate users. The decision flow will allow users to postpone their choice up to three times across Search, YouTube and Play, with clearer notice that postponement is possible.
Google will implement an updated version of the consent request for all new Italian accounts and for users who have not yet made a choice. For those who have already expressed a preference, the company will send an individual communication summarizing their existing selection and presenting the new information now required. The email will include direct links to the DMA, the full list of non-core services, Google’s privacy notice and the privacy control tools where users may revise their decisions at any time.
The proceeding was conducted in coordination with the European Commission, responsible for enforcing the DMA. Although the Italian Communications Authority (AGCom) opted not to issue a formal opinion, the AGCM reaffirmed its competence under consumer-protection rules to assess potential misleading or aggressive practices.
Assessing the commitments as fully adequate to remove the concerns raised in the investigation, the AGCM concluded the case without establishing an infringement. Google has six months to implement all measures and must notify the Authority upon completion. The decision foresees potential sanctions of up to EUR 10 million in the event of non-compliance.