Google to change UK privacy policy after regulatory pressure

Google will clarify its policy and redesign its account management pages by June 30

Google has agreed to improve the information it provides to people about how it collects personal data in the U.K., after it was required to do so by country's data protection authority.

The company has signed an undertaking committing to make further changes to the privacy policy to ensure it meets the requirements of the U.K.'s Data Protection Act, the Information Commissioner's Office (ICO) said Friday. Google will also take steps to ensure that future changes to its privacy policy comply with the law.

Google changed its privacy policy in March 2012, combining around 70 existing policies for various services, despite the concerns of European Union data protection authorities.

Like other authorities, ICO found that Google was "too vague" when describing how it uses personal data gathered from its web services and products. It ruled that he new policy provided insufficient information for users as to how and why their personal data was being collected.

By June 30, Google will make changes to comply with ICO's demands. While it will provide more and clearer information, it will also provide a user resource covering data processed by Google and the purposes of processing the data, according to the document signed by Google's senior vice-president and general counsel, Kent Walker.

What's more, Google will redesign its Account Settings pages, allowing users to find a variety of controls and information more easily, while it will also provide information to enable individuals to exercise their rights. More information will be added too about the entities that may collect anonymous identifiers on Google properties and the purposes to which they put that data, according to the document.

Google did not immediately respond to a request for comment.

While the investigation concluded that there was "no substantial damage and distress to consumers" due to the policy change, it is still important for organisations to properly understand the impact of their actions and the requirement to comply with data protection law, ICO said.

"It is vital that there is clear and effective information available to enable users to understand the implications of their data being combined," it said, adding that Google had already made a significant number of changes.

In January last year, the French privacy regulator fined Google €150,000 (over US$170,000) for breaching data protection law with its new policy. Google later appealed that decision.

Spain's data protection authority fined Google €900,000 in December 2013 for not providing users enough information about the personal information it collects, and the purposes it uses it for.

And more recently, the Dutch privacy authority threatened fines of up to €15 million if it does not changes its privacy policy to start complying with Dutch law by the end of February.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Join the CSO newsletter!

Error: Please check your email address.

Tags GooglesecurityInformation Commissioner's Officeprivacy

More about EUGoogleICOIDGNews

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Loek Essers

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place