Google ordered to rewrite privacy policy by British regulators

Tony Avelar/Bloomberg - Google Inc. signage is displayed at the company's headquarters in Mountain View, California, U.S., on Monday, April 4, 2011.

Google is facing more pressure in Europe as British regulators ordered the tech giant to make changes to its privacy policy in Europe by Sept. 20, following actions earlier this month from France and Spain.

The British data protection agency, the Information Commissioner's Office, said in a statement Thursday that it has written to Google to confirm that “its updated privacy policy raises serious questions about its compliance with the UK Data Protection Act.”

More tech stories

Parking doesn’t have to be a hassle

Parking doesn’t have to be a hassle

Meet the man who wants to make parking in a garage as fun as riding in an Uber.

Big data: A double-edged sword

Big data: A double-edged sword

New information will improve our health and prevent crimes, but uncover skeletons and hurt privacy.

White House updating online privacy policy

White House updating online privacy policy

A new Obama administration privacy policy explains how the government will gather the user data of online visitors to, mobile apps and social media sites, and it clarifies that online comments, whether tirades or tributes, are in the open domain.

Responding in a statement, Google said: “Our privacy policy respects European law and allows us to create simpler, more effective services. We have engaged fully with the authorities involved throughout this process, and we’ll continue to do so going forward.”

The agency said that it was particularly concerned that Google’s policy, which went into effect in March and covers over 60 Google services, does not give users enough information about the data the firm collects and how it is used. It also has concerns that the policy does not share enough information about how long Google keeps user data.

If Google does not amend its policy, the British agency said, it will “leave the company open to the possibility of formal enforcement action.” The Guardian reported that the company could also face fines of up to $750,000, but only if there is proof that individuals may have been harmed by the policy.

Also on Thursday, the data protection office in Hamburg, Germany — where Google’s German office is based — said in a statement that it will be calling Google in for a hearing over concerns that the policy’s provisions on data collection are unclear.

Data protection officials from across the European Union have been scrutinizing Google’s privacy protections. The French data protection authority CNIL, which led a year-long investigation into Google’s privacy policy, and said in its order to the company in June that regulators in the Netherlands and Italy were assessing whether the policy violated data protection rules in those countries.

European regulators have been more critical of Google’s business practices than have American regulators. Britain’s ICO announced last month that it had taken further action against Google over data the company inadvertently collected from open wireless networks, demanding that the company delete any data it retained within the next 35 days or be considered in contempt of court.

Read what others are saying