Google To Change Privacy Policy, ICO Confirms

Google has agreed to change its privacy policy for UK customers following an investigation by the Information Commissioner’s Office into its harvesting of personal information.

It comes after the ICO said that Google’s current privacy policy, which it introduced back in March 2012, was, “too vague” when describing how it uses personal data gathered from its web services and products.

Long Time Coming

The agreement by Google to revise its privacy policy in the UK has been a long time coming.

Google had initially caused controversy back in January 2012 when it said that it would merge all of its privacy policies for all its different services, into one single policy document.

That change triggered widespread concern by watchdogs and regulators around the world, but Google went ahead in March 2012 and implemented the single privacy policy, which triggered formal investigations by a number of different groups.

Over the years Google has worked with authorities since the change, but has been fined by the French regulator for example for ignoring a three-month deadline imposed in September 2013 when it was ordered to clean up its data privacy policies. The German regulator has also fined Google.

But the ICO was always unlikely to fine Google. The ICO had told Google in July 2013 that it had to resolve the privacy policy, because it didn’t meet with the First and Second Data Protection Principles set out in the UK Data Protection Act.

Google Agreement

Since that time Google responded with a number of number of changes to the privacy policy, and after the official blessing from the EU, the search engine giant agreed this month to sign an undertaking committing to all the changes suggested by June 30 2015.

Further steps will be undertaken over the next two years as well.

“This undertaking marks a significant step forward following a long investigation and extensive dialogue,” said Steve Eckersley, head of enforcement at the ICO. “Google’s commitment today to make these necessary changes will improve the information UK consumers receive when using their online services and products.”

“Whilst our investigation concluded that this case hasn’t resulted in substantial damage and distress to consumers, it is still important for organisations to properly understand the impact of their actions and the requirement to comply with data protection law,” said Eckersley. “Ensuring that personal data is processed fairly and transparently is a key requirement of the Act.”

How well do you know Google’s secrets? Find out with our quiz!