Google in the dock over privacy policy. Again.
It started with the data protection authorities in Spain. Then the Germans raised an action. Now the UK government has ordered Google to make its privacy policy easier to understand. The Information Commissioner warned last year that it was going to investigate Google’s new policy after the Internet giant compiled all of its privacy policies across its various services into one "unified privacy policy". The UK's regulator Information Commissioner said: “Google must now amend their privacy policy to make it more informative for individual service users.” Google's “unified privacy policy” made it possible for its various services to share user data. This meant that users' Gmail keywords, YouTube views, and search terms were all put i a big pot and used to make up part of the profile used to sell more effective targeted advertising.
Previously each service had its own individual privacy policy which meant that that Google had 60 different privacy policies covering how Google used data. The move to a unified policy drew criticism from privacy watchdogs. As a result, the Europe’s privacy watchdog the Article 29 Working Party appointed the French equivalent of the ICO (the Commission Nationale de l’information et des Liberties (CNIL)) to assess whether or not the Internet giant complied with EU data protection laws.
The ICO said "We believe that the updated policy does not provide sufficient information to enable UK users of Google’s services to understand how their data will be used across all of the company’s products. “Failure to take the necessary action to improve the policy's compliance with the Data Protection Act by 20 September will leave the company open to the possibility of formal enforcement action.”
The news will hardly impress privacy advocates who lament the ICO’s ability to only fine Google up to £500,000. Others will take some solace in the UK’s data regulator finally baring its teeth over Google’s perceived liberties with data. The ICO has given Google until 20 September to "take the necessary action to improve the policies compliance" and has threatened to take "formal enforcement action” if the company does not do so. Earlier this year, a data protection watchdog in Germany fined Google €145,000 over the unauthorised collection of personal data in relation to the company's Street View project.
Google posted 1st quarter profits of £928million. Google has consistently argued that its single privacy policy complies with EU data protection rules.