Google ordered to rewrite privacy policy by British regulators

Tony Avelar/Bloomberg - Google Inc. signage is displayed at the company's headquarters in Mountain View, California, U.S., on Monday, April 4, 2011.

Google is facing more pressure in Europe as British regulators ordered the tech giant to make changes to its privacy policy in Europe by Sept. 20, following actions earlier this month from France and Spain.

The British data protection agency, the Information Commissioner's Office, said in a statement Thursday that it has written to Google to confirm that “its updated privacy policy raises serious questions about its compliance with the UK Data Protection Act.”

More tech stories

Facebook 1Q results soar; CFO to step down

Facebook 1Q results soar; CFO to step down

Facebook’s first-quarter earnings and revenue grew sharply, surpassing Wall Street’s expectations thanks to an 82 percent increase in advertising revenue.

Get Aereo out of the Supreme Court

Get Aereo out of the Supreme Court

The justices are ill-suited to evaluate a new innovation. It’s time for Congress to weigh in.

Responding in a statement, Google said: “Our privacy policy respects European law and allows us to create simpler, more effective services. We have engaged fully with the authorities involved throughout this process, and we’ll continue to do so going forward.”

The agency said that it was particularly concerned that Google’s policy, which went into effect in March and covers over 60 Google services, does not give users enough information about the data the firm collects and how it is used. It also has concerns that the policy does not share enough information about how long Google keeps user data.

If Google does not amend its policy, the British agency said, it will “leave the company open to the possibility of formal enforcement action.” The Guardian reported that the company could also face fines of up to $750,000, but only if there is proof that individuals may have been harmed by the policy.

Also on Thursday, the data protection office in Hamburg, Germany — where Google’s German office is based — said in a statement that it will be calling Google in for a hearing over concerns that the policy’s provisions on data collection are unclear.

Data protection officials from across the European Union have been scrutinizing Google’s privacy protections. The French data protection authority CNIL, which led a year-long investigation into Google’s privacy policy, and said in its order to the company in June that regulators in the Netherlands and Italy were assessing whether the policy violated data protection rules in those countries.

European regulators have been more critical of Google’s business practices than have American regulators. Britain’s ICO announced last month that it had taken further action against Google over data the company inadvertently collected from open wireless networks, demanding that the company delete any data it retained within the next 35 days or be considered in contempt of court.

 
Read what others are saying