The ICO has concluded that the updated policy “raises serious questions about its compliance with the UK Data Protection Act” and “does not provide sufficient information to enable UK users of Google’s services to understand how their data will be used across all of the company’s products.”
The damning report is the latest in a string of investigations by data protection protection authorities into Google over recent years – in 2011, French data privacy regulator the National Commission for Information Freedom (CNIL) fined the company €100,000 after it found its Street View cars were capturing unencrypted data from WiFi networks as they drove around.
In 2010 the company paid $8.5 million in a lawsuit when it was found to have automatically signed up Gmail users to Buzz, its new social network add-on, without permission, exposing their personal information. The platform was shut down earlier this year.
A survey by privacy campaign group Big Brother Watch in June found that two out of three of consumers believe that national regulators should do more to force Google to comply with existing regulations concerning online privacy and the protection of personal data.
“We have engaged fully with the authorities involved throughout this process, and we’ll continue to do so going forward."