Privacy Advisor

UK—ICO Confirms Investigation into Google's Privacy Policy

May 1, 2013


By Brian Davidson, CIPP/E

The ICO has confirmed that it has launched an investigation into Google's revised privacy policy to determine whether it is compliant with the UK Data Protection Act 1998.

The action follows an initial investigation by the French Data Protection Authority (the CNIL) on behalf of the wider EU Article 29 Working Party Group, of which the ICO is a member. Several national data protection authorities across the EU are now considering whether Google's revised privacy policy, implemented in March 2012, is now compliant with their own national laws.

A press statement issued by the CNIL on April 2 indicates that following a meeting between Google and the data protection authorities (DPAs) of France, Germany, Italy, the Netherlands, Spain and the United Kingdom on March 19, the DPAs found that Google had not implemented the recommendations they consider necessary to make Google's revised privacy policy compliant with the EU Data Protection Directive 95/46 EC.

The CNIL statement indicates that it is now up to each national DPA to carry out further investigations according to the provisions of their own national law transposing the EU Directive. It is understood that all of the aforementioned six authorities, including the ICO, launched actions on April 2.

The investigation centres around Google's decision to change its system to create a uniform set of privacy policies for more than 60 products, resulting in criticism from some DPAs and consumer advocates over the company’s collection and use of personal data.

Brian Davidson, CIPP/E, is a privacy and information advisor at Field Fisher Waterhouse, LLP.