The surveillance program, “combined with the ongoing investigation of Google’s business practices, has created almost a tsunami of privacy enforcement,” said Marc Rotenberg, executive director of the advocacy group Electronic Privacy Information Center.
The information agency said that it was particularly concerned that Google’s policy, which went into effect in March and covers more than 60 Google services, does not give users enough information about the data the firm collects and how it is used. It is also concerned that the policy does not disclose enough information about how long Google keeps user data.
If Google does not amend its policy, the ICO said, it will “leave the company open to the possibility of formal enforcement action.”
The ICO was joined Friday by a data protection office in Hamburg, Germany — where Google’s German office is based — which said in a statement that it will hold a hearing on concerns that Google’s policy on data collection is unclear.
In a statement, Google said that its policies comply with European law and “allows us to create simpler, more effective services. We have engaged fully with the authorities involved throughout this process, and we’ll continue to do so going forward.”
European regulators have cast a critical eye on Google’s privacy protections since January 2012, long before reports surfaced that Google, its YouTube video service and seven other tech firms were participants in U.S. government surveillance programs.
Last month, after a year-long investigation led by French data protection authority CNIL, French and Spanish regulators said Google could face fines if it did not amend its privacy policies within three months. The agency also indicated data protection officials in the Netherlands and Italy were assessing whether Google violates data protection rules in those countries.
Officials from the European Commission have warned that the fallout from the PRISM program could discourage European businesses from using American data storage providers such as Google, Microsoft and Dropbox. On Wednesday, members of a key European Parliament committee voted to launch an inquiry into U.S. data surveillance programs and said they were open to suspending data-sharing deals with the United States. Data privacy is also expected to be a part of U.S.-E.U. trade negotiations that are scheduled to begin Monday.