ICO orders Google to change its privacy policy

The ICO has given Google until 20 September to change its privacy policy. The ICO wrote to the search engine giant on 4 July warning that it could take formal enforcement action if Google did not act. The ICO confirms in its letter that Google’s updated privacy policy raises serious questions about its compliance with the UK Data Protection Act. In March 2012 Google updated its privacy policies, replacing all its various privacy policies with one all-encompassing policy covering services such as Gmail and YouTube.

An ICO spokesperson said: “In particular, we believe that the updated policy does not provide sufficient information to enable UK users of Google’s services to understand how their data will be used across all of the company’s products.

“Google must now amend their privacy policy to make it more informative for individual service users. Failure to take the necessary action to improve the policies' compliance with the Data Protection Act by 20 September will leave the company open to the possibility of formal enforcement action.”

EU data protection watchdogs investigate Google
Google’s privacy policy has been under investigation by the Article 29 Working Party (made up of the heads of the national data protection authorities of EU member states) since last year. The Article 29 Working Party appointed the French Data Protection Authority (CNIL) as the lead regulator on this issue. Other data protection authorities in Spain, Hamburg, Holland and Italy are also in the early stages of taking enforcement action against Google.

This coordinated action by European data protection regulators is a foretaste of the proposals in the draft Data Protection Regulation for greater cooperation between the national data protection authorities

James Milligan, Solicitor, DMA