Google’s Unified Privacy Policy has raised eyebrows throughout Europe, and now the UK’s data protection office ICO has told Google it must amend the policy by September.

google cctv camera Google told to amend Privacy Policy

The Information Comissioner’s Office (ICO), a British data protection authority, has written to Google and confirmed that their privacy policy raises questions regarding Google’s compliance to the UK Data Protection Act. Specifically, ICO is concerned with the information users are being given about how their data is used:

“We have today written to Google to confirm our findings relating to the update of the company’s privacy policy. In our letter we confirm that its updated privacy policy raises serious questions about its compliance with the UK Data Protection Act.

In particular, we believe that the updated policy does not provide sufficient information to enable UK users of Google’s services to understand how their data will be used across all of the company’s products.

Google must now amend their privacy policy to make it more informative for individual service users. Failure to take the necessary action to improve the policies compliance with the Data Protection Act by 20 September will leave the company open to the possibility of formal enforcement action.”

ICO primarily has three concerns that need to be addressed by Google: First, Google must inform the user of how their data is being processed in more detail than is currently done. Secondly, they need to explain exactly what the data is being used for to fully understand the implications of using Google’s services. Finally, the user must be informed of when their data is being gathered.

google spying Google told to amend Privacy Policy

Google is watching you…

If Google doesn’t comply with ICO’s request, there are several legal actions ICO could pursue. An enforcement notice, essentially a stop-now order, could fine the company as much as £500,000 if it doesn’t comply with ICO’s demand by the 20th of September. “That’s for serious breaches of the data protection act that cause, or have the potential to cause, substantial damage and distress,” said a spokesperson.

The concerns raised by ICO mirror those raised by French, Spanish and other data protection agencies throughout Europe. Back in April, six European nations started data protection investigations into Europe. A spokesperson for Google responded to ICO’s demand:  “Our privacy policy respects European law and allows us to create simpler, more effective services. We have engaged fully with the authorities involved throughout this process, and we’ll continue to do so going forward.”

Via TechCrunch