The unified privacy policy from Google has once again brought the company into the spotlight, as this time it has run afoul of a top data protection regulatory body in Europe. According to the latest update, the regulatory body of UK, ICO, has confirmed that it has sent a letter to the search engine giant to verify that the privacy policy of Google does not comply with the Data Protection Act of UK and they have some serious objections regarding the current policy of the company. As a result of that the UK watchdog has ordered the Mountain View-based company to change its privacy policy. The spokesperson of ICO said in a statement that:
“We have today written to Google to confirm our findings relating to the update of the company’s privacy policy. In our letter we confirm that its updated privacy policy raises serious questions about its compliance with the UK Data Protection Act.
“In particular, we believe that the updated policy does not provide sufficient information to enable UK users of Google’s services to understand how their data will be used across all of the company’s products.
“Google must now amend their privacy policy to make it more informative for individual service users. Failure to take the necessary action to improve the policies compliance with the Data Protection Act by 20 September will leave the company open to the possibility of formal enforcement action.”
Apart from this ICO has also affirmed that there are three major areas of concerns. Below is the full detail of these three major areas:
“Reasonable expectations and sufficient information
Google must comply with the first principle and provide further information in the policy with regards to the manner in which it processes personal data.
“Specified purposes
Google must comply with the second principle and further define and specify the purposes for which personal data is processed to allow users, regardless of their status, to understand in practice what the implications of using the services are.
Retention of data
Google must, in order to ensure processing is fair and in compliance with the first principle, give service users sufficient information where retention of personal data might exceed service users’ reasonable expectations.”
The spokesperson of ICO also divulged that if Google failed to change its policy till September 20th of this year then, they have various action options to take against the company, which includes serving of enforcement notice to multinational corporation, “which is essentially a legal stop-now order… if they breach that it could be taken to the courts” and “also a monetary penalty of up to £500,000,” according to TechCrunch.
However, “That’s for serious breaches of the data protection act that cause, or have the potential to cause, substantial damage and distress,” says the spokesman.
Apart from this the spokesman also noted that areas which concerned them are “similar to those already raised by the French, Spanish and other data protection authorities also investigating this issue. France has also put a legal order in place on its recommendations so if they don’t comply with ours by the 20th of September there will also be problems across Europe.”
Source: TechCrunch