A Search (Engine) for Enforcement? (Yes, Google again…sigh.)

In a move apparently carefully designed to hurt this blog’s rankings in the leading search engine algorithm, Panopticon must – yet again – note Google’s noble efforts to single-handedly ensure the development of data protection and privacy law.

Robin Hopkins has noted the AG’s Opinion on Google and the right to be forgotten case. I have noted the enforcement action taken by the ICO against Google in relation to the data harvested by its Street View cars.

Readers with marginally longer memories (or an expert search engine) may recall my blogging that on 20 June the French data protection agency issued a statement in relation to its investigation into Google’s privacy policy, announcing that it was taking enforcement action following a Europe-wide series of investigation which the French had spearheaded. I noted that the ICO had yet to announce its own decision.

Well, on 4 July, the ICO did announce its decision. It too has written to Google to inform the company that its privacy policy raises serious questions of non-compliance with the Data Protection Act 1998 and Google has been given until 20 September to amend the policy in a compliant manner or face formal enforcement action.

The ICO’s press release is here, and the text of their announcement is:

“We have today written to Google to confirm our findings relating to the update of the company’s privacy policy. In our letter we confirm that its updated privacy policy raises serious questions about its compliance with the UK Data Protection Act.

In particular, we believe that the updated policy does not provide sufficient information to enable UK users of Google’s services to understand how their data will be used across all of the company’s products.

Google must now amend their privacy policy to make it more informative for individual service users. Failure to take the necessary action to improve the policies compliance with the Data Protection Act by 20 September will leave the company open to the possibility of formal enforcement action.”

Google’s core values famously included the phrase “Don’t be evil”. Potential breaches of the DPA are perhaps not quite in that league (or at least, not usually), but Google is certainly having a difficult time finding its way through the DPA thicket. If only they could just Google the answer…

Christopher Knight