The U.K. Information Commissioners Office on Thursday ordered Google to change its privacy policy to comply with U.K. data laws. The company updated its privacy policy last year, combining individual policies from its various products into one blanket policy. The change was meant to deliver a better and more simplified Google experience, however critics immediately blasted the company. The ICO said that Google’s updated policy doesn’t “provide sufficient information to enable UK users of Google’s services to understand how their data will be used across all of the company’s products.” Google must now change its policy and make it “more informative for individual service users,” failure to do so may result in “formal enforcement action.” The company has also come under fire from data protection officials in France and Spain, and was recently given three months to amend its policy in those countries. The ICO’s press release follows below.
ICO update on Google Privacy Policy
Statement: 4 July 2013
An ICO spokesperson said:
“We have today written to Google to confirm our findings relating to the update of the company’s privacy policy. In our letter we confirm that its updated privacy policy raises serious questions about its compliance with the UK Data Protection Act.
“In particular, we believe that the updated policy does not provide sufficient information to enable UK users of Google’s services to understand how their data will be used across all of the company’s products.
“Google must now amend their privacy policy to make it more informative for individual service users. Failure to take the necessary action to improve the policies compliance with the Data Protection Act by 20 September will leave the company open to the possibility of formal enforcement action.”
On background
The Information Commissioner’s Office (ICO) has taken today’s action after working with the other members of the Article 29 Working Party, made up of the other 27 data protection authorities from across Europe. Similar announcements have recently been made by several other data protection authorities, including those in France and Spain. We will continue to co-ordinate our efforts to ensure that people’s privacy rights are respected.