ICO To Follow EU On Potential Google Privacy Punishment

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

The ICO is being sheep to the EU’s shepherd over Google’s controversial privacy policy.

The Information Commissioner’s Office (ICO) will fall in line with other EU member states if Google is punished for its controversial privacy policy, even though the UK watchdog has tougher powers than other European regulators, TechWeek Europe understands.

Last week, deputy commissioner David Smith told the Guardian that Google’s policy is too “vague”, adding the ICO’s critiqe to those of other EU authorities, which  sent an email to the tech giant, saying the changes appeared to violate European law. The criticism was also made by European commissioner Viviane Reding.

France taking the lead

French data protection watchdog CNIL is now leading the investigation into Google’s policy. If the company is deemed to have breached privacy laws, the ICO will issue a similar penalty to that imposed by other EU nations.

This is despite Smith’s indication that the ICO is considering Google’s case under UK law. The deputy commissioner said “the requirement under the UK Data Protection Act is for a company to tell people what it actually intends to do with their data, not just what it might do at some unspecified point in future.”

“We would look to be taking similar actions to the other EU regulators if we all believed the same – that they were in breach of the Act [Data Protection Act],” an ICO spokesperson told TechWeek Europe.

“Our initial thoughts are that the privacy policy of Google, in wanting to simplify all these privacy policies into one document, may potentially make it too vague and also makes it difficult for individuals to identify what is going on with people’s data with the different products.

“We welcome any efforts made to help users better understand what’s happening with their data but also they have to put enough detail in there so they can actually give an accurate picture of what is going on.”

Google’s privacy policy came into effect on 1 March, despite criticisms. It rolled all of Google’s different privacy policies from its various offerings into one document, yet concerns were raised that Google would subsequently share user data across its services.

CNIL asked Google not to introduce the updated policy, but the tech giant went ahead anyway, arguing that delaying it would only confuse users, considering all the company’s marketing efforts.

Google, meanwhile, believes its changes will make users’ experience on its services more enjoyable.

“Our privacy policies have always allowed us to combine information from different products with your account – effectively using your data to provide you with a better service,” the company said in a blog post earlier this month.

“However, we’ve been restricted in our ability to combine your YouTube and Search histories with other information in your account. Our new Privacy Policy gets rid of those inconsistencies so we can make more of your information available to you when using Google.”

Think you know Google? Take our quiz to see how well you know the tech giant.