Information Commissioner's Office
Printable version E-mail this to a friend

ICO update on Google Privacy Policy

An ICO spokesperson said:

“We have today written to Google to confirm our findings relating to the update of the company’s privacy policy. In our letter we confirm that its updated privacy policy raises serious questions about its compliance with the UK Data Protection Act.

“In particular, we believe that the updated policy does not provide sufficient information to enable UK users of Google’s services to understand how their data will be used across all of the company’s products.

“Google must now amend their privacy policy to make it more informative for individual service users. Failure to take the necessary action to improve the policies compliance with the Data Protection Act by 20 September will leave the company open to the possibility of formal enforcement action.”

On background

The Information Commissioner’s Office (ICO) has taken today’s action after working with the other members of the Article 29 Working Party, made up of the other 27 data protection authorities from across Europe. Similar announcements have recently been made by several other data protection authorities, including those in France and Spain. We will continue to co-ordinate our efforts to ensure that people’s privacy rights are respected.

Notes to Editors

1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

2. The ICO regulates the Data Protection Act 1998, the Freedom of Information Act 2000, the Privacy and Electronic Communications Regulations 2003 and the Environmental Information Regulations 2004.

3. The ICO is on Twitter, Facebook and LinkedIn, and produces a monthly e-newsletter.

4. There are a number of tools available to the ICO for taking action to change the behaviour of organisations that collect, use and keep personal information. Further details can be found on the taking action page of our website.

5. There are eight principles of the Data Protection Act, which make sure that personal information is:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure 
  • Not transferred to other countries without adequate protection


Free, Secure, Compliant UK Public Sector IT Recycling Service