Google's move to a unified privacy policy generated quite a stir when it was announced last year. Although the search giant defended the changes as a way to simplify privacy – with a single document instead of 60 – and a more intuitive experience across its own services. Indeed, little had changed in terms of how Google could gather and combine data, but the move still raised concerns with privacy watchdogs around the globe.
Now, following fifteen months of debate and scrutiny, European authorities are giving Google an ultimatum asking them to revise their privacy policy. The latest to chime in is UK's Information Commissioner's Office (ICO), which says the policy raises "serious questions" about compliance with the UK Data Protection Act.
Specifically, the ICO found three main areas of concern. First, the group says Google needs to provide more information about how it processes users' personal data. Google also needs to inform users specifically what their personal data is being used for so they fully understand the implications of using Google's services; and lastly it must inform users when retention of personal data might exceed service users' reasonable expectations.
Should Google fail to amend its privacy policy by September 20, the ICO could issue an enforcement notice through the courts and potentially fine the company with up to £500,000.
The warning follows similar complaints from the equivalent organization France last month, which put a legal order in place on its recommendations, giving Google three months to respond or face court action. Other European nations running investigations into Google's policy include Spain, Germany, Italy, and the Netherlands.