back to article UK data cops to Google: You've got three months to sort out privacy

Google has been ordered by Britain's data watchdog to make changes to its privacy policy within the next three months, or else face a possible fine for failing to comply with the Data Protection Act. The Information Commissioner's Office said late on Thursday: We have today written to Google to confirm our findings relating …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Seems perfectly clear to me

    Google will aggregate your data anyway they want in order to serve you ads they think you will click on…

    Oh, and keep it available in case the NSA wants it.

  2. This post has been deleted by its author

  3. h 2

    Take down order

    Surely if they are breaking the law with their system, there should be a take down order raised.

    Or am I forgetting they pay lots of cash to the UK..... er..... no they don't

    1. Matt 21

      Re: Take down order

      Exactly. The police don't say to me "We're not sure you're in compliance with the law as you appear to be doing 70mph in a 30mph limit. We've investigated and we feel that if you don't change your ways in the next month we'll speak to you again".

  4. Khaptain Silver badge

    Chocolate Security

    Since the NSA now seem to pOwn Google et el , I would be very surprised to see Google cowtow to the UK govt.

    I doubt that David Cameron has balls ( no, not Ed) that are required to face up to the Google factory.....

    France on the other hand are competing against the good ol USA for spying supremecy so it is definately in their interest to "annoy" Larry and friends.

    Why don't we have a decent European search engine. Something that the yanks don't govern and that the Brits won't sell out to them.

    1. Anonymous Coward
      Anonymous Coward

      Re: Chocolate Security

      "Why don't we have a decent European search engine. Something that the yanks don't govern and that the Brits won't sell out to them."

      I don't think it would make any difference as they all seem to be at it, probably at the orders of the Bilderberg Group.

      1. LinkOfHyrule

        Re: probably at the orders of the Bilderberg Group

        That's just a drinking club - they get together, have a natter and play some darts! Maybe even a bit of wii Sports Bowling if Peter Mandleson remembers to bring it!

        Na if anyone is doing any new world ordery stuff like that, they'll be in the secrete bunker with an army of evil elves and a shark infested swimming pool at their disposal.

    2. plrndl
      Thumb Down

      Re: Chocolate Security & European search engine

      If we had a european search engine, it would store ALL your data forever, and charge you for so doing. It would ban all links to anything that any MEP thinks might upset any of his potential voters and anything that might give you a clue what all those who ride the EU gravy train do with their time and your money.

      If you're paranoid about what the yanks might do with your data, you should be 10x more paranoid about what the (too many) local law makers do.

      1. Anonymous Coward
        Anonymous Coward

        Re: Chocolate Security & European search engine

        Odd, I think you'll find it's the EU kicking more of a shitstorm over Data Protection then nearly every other country.

        I vote for a German based search engine.

        1. Anonymous Coward
          Anonymous Coward

          Re: Chocolate Security & European search engine

          I vote for a German based search engine.

          Provided it gives rezultz back with ee funny German akzent.

  5. Crisp

    Time for a little less bark and a little more bite

    Google isn't going to take data protection seriously until the Information Commissioner's Office does.

    1. Anonymous Coward
      Anonymous Coward

      Re: Time for a little less bark and a little more bite

      More simply, it is time for governments to write the privacy policies themselves. It is absurd to leave it to the companies to do it, then complain by saying "We don't like it as it is, please fix it somehow in the next three months".

  6. Frankee Llonnygog

    Commission Nationale de l’Informatique et des Libertés

    Wow - in French, even bureaucracy sounds sexy!

  7. Anonymous Coward
    Anonymous Coward

    What's the problem?

    Really don't know what the deal is here. The new single privacy policy is actually very well worded, it's very clear from reading it how my data is used within Google to target ads, and that my details aren't being sold to anyone else. It's much less confusing that the old system, where each Google service had it's own privacy policy.

    I wish the ICO would just curl up and die personally. The only gift they seem to have given me, is now every focking website pops up an intrusive banner asking for my permission to store cookies, and then stores my response to that popup/banner in a cookie. Most sites the popup banner fails to work properly (like here, where it tries to dock itself to the bottom on mobile browsers, and usually fails spectacularly) I wouldn't trust the ICO to tie my shoelaces, let alone anything more complicated than that.

    1. Anonymous Coward
      Anonymous Coward

      Re: What's the problem?

      The new single privacy policy is actually very well worded, it's very clear from reading it how my data is used within Google to target ads, and that my details aren't being sold to anyone else. It's much less confusing that the old system, where each Google service had it's own privacy policy.

      Oh, it's beautiful prose, but it doesn't take away the fact that it quite simply does not address the fact that Google has been breaking EU Data Protection laws from even before this change in policy. They had the chance to go "legit" with this policy by declaring the parts to be offlimit which they have by law no right to, but the simplification only made it clear that there were no plans in this direction.

      When the EU collectively started to wake up to the fact that Google wasn't just a bit into a grey zone with what they did, but was actually simply ignoring the very existance of EU Data Protection laws, Google announced work on a new policy. The EU held back until said policy eventually appeared - which sucked.

      The EU gentle prodded Google about this, nothing happened. In October 2012, the EU then lobbed a collective letter to them from 27 different countries - Google ignored them completely (well, not quite, all of a sudden Europe was awash with Google lobbyists - but there was no substantive change in their completely ignoring the existence of EU law which gave not exactly a trivial appearance of arrogance).

      Now, the time has passed. I'm sure there will be lots of (possibly Google sponsored) apologists posting messages of doom and reminding us how humanity has changed and how the Messiah Larry has cometh through Google (sorry, I'll reign in my sarcasm) but the raw fact remains that Google is breaking EU law and has to answer for that.

      Personally, I think fines should be a percentage of turnover. 0.5M in any currency is not going to do more than deprive Google of a weeks worth of fuzzy drinks, but 27 countries each fining them 5% of turnover could create a fairly fat annual minus..

      1. adminspotting
        Alert

        Re: What's the problem?

        ITYM "rein". Unless you're the Queen,.

    2. Pseu Donyme

      Re: What's the problem?

      The problem is that Google, in essence, sees fit to collect whatever it can get, use it however it pleases, keep it as long as suits their fancy and give (trade / sell) the information to whoever it chooses*. This is incompatible with the EU data protection regime which requires consent to data collection and use, and a detailed description of the same as a basis of such consent (i.e. there can't be meaningful consent without the details).

      * a casual reading of the privacy policy may indeed leave one with an impression akin to that in the OP, however, taking a closer look reveals that pretty much every restriction comes with a loophole to negate it, some of these are explicit, others exist because of vague or completely omitted defintions of key terms

      1. Anonymous Coward
        Stop

        Re: What's the problem?

        @Pseu Donyme

        Did you read the same Google privacy policy as I did?

        http://www.google.com/policies/privacy/

        It's all very reasonable. They aren't going to SELL my details about everything I have bought, visited, listented to a watched to anyone. However they will use that data to show me adverts and company can buy adverting slots to show me those adverts.

        I get alot of really good free stuff from Google, and am perfectly happy with the "what I give up for what I get back" deal. It's a mutually beneficial deal.

        If you don't like it, you can delete all your Google data and go elsewhere.

        https://accounts.google.com/b/0/DeleteAccount?hl=en

        1. Anonymous Coward
          Anonymous Coward

          Re: What's the problem?

          It's all very reasonable.

          You really need to improve your analytical reading skills then, and maybe your knowledge of EU privacy legislation.

          Two tips:

          1 - standard contract constructions apply: the early part giveth, the later parts taketh it away.

          2 - check how they skirt problems, such as the explicit permission requirement for sensitive data.

          You will see fairly glorious declarations upfront, but when go progress through the document you will find that they really impose the minimum possible restrictions on what they can do. A classic example is the vague description of partner and supplier. read it properly. Anyone can get your data as long as they have even the most tenuous interaction with Google, which could include the bloke who sells ice cream in front of the building at 3 PM.

          Yes, Google is good at delusions and digressions, and that's exactly what the EU has told Google to stop. The EU wants Google to write really cleartext, and to implement an approach that follows EU law.

        2. Pseu Donyme

          Re: What's the problem?

          >Did you read the same Google privacy policy as I did?

          Of course. And therein lies the problem: as it is, the privacy policy is so wide open to intepretation that your and mine above are both possible. Hence it is not sufficiently detailed to be the basis of meaningful consent.

          With Google you can't ultimately go elsewhere (never mind delete your data): their ads and Google Analytics cover most of the intenet and mean data collection on a vast scale without user consent (or even knowledge for the vast majority of users). They admit using the former for profiling (i.e targeting ads), whether they combine what they get from the latter to the profile is unclear (which is one of the many omissions in the privacy policy and/or a problem with their MO in general).

        3. Anonymous Coward
          Anonymous Coward

          Re: What's the problem?

          If you don't like it, you can delete all your Google data and go elsewhere

          1 - Google collects data on anything that moves on the Net. Google statistics, Google fonts, G+ buttons - the works. The difference between having an account and not having an account is that a recorded behavioural chain gets a confirmed owner, and more data can be grabbed (the attempts at getting your phone number "in the name of security" are a way to get your real name versus what they have on record for you). Targeted advertising still happens, with or without your permission.

          2 - so far, we only have Google's word for this (and I have a feeling that this "delete yourself" concept was not exactly a Google management idea, but internal skunkworks that got too much attention). There is every possible chance that if you were to send a truly independent monitor in you'd get an "oops, we did it again" from Google, followed by frantic attempts to explain that away as a mistake and lobbying to stop any resulting fine being larger than a day's worth of petty cash.

          I believe absolutely nothing coming from Google unless confirmed by a truly independent 3rd party. There is far too much money at stake to give them the benefit of the doubt, and they are already a repeat offender of privacy laws.

  8. Anonymous Coward
    Anonymous Coward

    suitable mis-quote from Team America World Police:

    ICO: I'm sorry, but the gov must be firm with you. Let me in, or else.

    Google: Or else what?

    ICO: Or else we will be very angry with you... and we will write you a letter, telling you how angry we are.

  9. Andy Fletcher

    I don't get it either

    They made the terms simpler and clearer. I actually understand them now, which I didn't before, by dint of the fact that (like I assume 99.9% of people) I wasn't going to read several pages of legal jargon before using their search engine. Making things more complex hardly ever improves them.

    And yes, that cookie nonesense is simply ridiculous. Complete waste of a lot of time.

    1. plrndl
      Joke

      Re: I don't get it either

      I keep telling them that I don't want their cookies, but they still ask me every time.

    2. Anonymous Coward
      Anonymous Coward

      Re: I don't get it either

      It doesn't matter how beautiful the letter is that you write to the court, you will still get done for speeding.

      The EU is not after Google for spelling mistakes in their policy, it has repeatedly asked Google to start following UK law. The clearer policy has only demonstrated more cleanly that they were quite simply ignoring EU data protection law, even after repeated warnings. Personally, I think they should fine the screaming crap out of them, it's not like they didn't have enough warning by now.

  10. Anonymous Coward
    Anonymous Coward

    possible fine...

    1.

    ICO threatens Google with a fine

    2.

    Google allocates appropriate monies to pay the fine, i.e. £30,000 - previously allocated to "GOOGLE for Britain Project".

    3.

    ICO fines Google £7,536 for "non-compliance"

    4.

    ICO issues a statement: "Today marks yet another great day for the consumer, as our Office has, once again, shown the companies that English that laws must be strictly adhered to and any violation, be it intentional or otherwise shall be met with severe enforcement measures

    5.

    Google pays the fine

    5.

    Google issues a statement: Google does and always has been in full compliance with all local laws and regulations in the UK and is always keen to work with national compliance bodies in full support of this position

    6.

    wash, rinse, repeat

    1. Fred Flintstone Gold badge
      Big Brother

      Re: possible fine...

      Traditionally, this should then end with:

      7.

      Profit!

  11. Anonymous Coward
    Anonymous Coward

    Correction

    Watchdog? You mean watch-hamster, don't you?

    1. Intractable Potsherd

      Re: Correction

      No, hamster isn't right, either - have you ever been bitten by a hamster? They hurt and draw blood very effectively. I'm not sure what member of the animal kingdom would be a suitable descriptor for the ICO - watch-earthworm? Watch-woodlouse? Maybe we have to go to other branches of evolution. Watch-fungus, maybe?

  12. Anonymous Coward
    Anonymous Coward

    Hah!

    Like the UK have any moral high ground when it comes to privacy.

    1. Anonymous Coward
      Anonymous Coward

      Re: Hah!

      Like the UK have any moral high ground when it comes to privacy.

      Irrelevant. Break the law, get fined. Simple. "But your honour, YOU sleep with underage girls" is not a valid defence, even if it's true.

      1. Anonymous Coward
        Anonymous Coward

        Re: Hah!

        I was thinking more along the lines of the whole GCHQ thing as of late.

  13. Anonymous Coward
    Anonymous Coward

    I'm more worried about the countries not mentioned in the article.

    Is it only a handful of the European countries that are reacting to this?

    Are we only getting the big players mentioned?

    Is the EU doing a collective thing, with a few governments posing to make it seem that their doing more than others?

    And I realise some of these are somewhat clear in the article, but could someone humor me?

    1. Anonymous Coward
      Anonymous Coward

      You want to read the original warning.

      What is especially spectacular is the long list of signatures of the actual letter, (also linked at the bottom of the above publication), it gives you the actual participating countries. Note that some were added in handwriting later.

      That is when Google had the chance to sort it out at once. Instead, they ignored it. The problem is that they have already been in the dock once with Steetview, so Google will now be seen as serial offender who arrogantly ignores EU law. I suspect that will have grave consequences.

      1. Anonymous Coward
        Anonymous Coward

        I thank you good sir - have my upvote! (Good to learn that ones country is actually on the list)

This topic is closed for new posts.

Other stories you might like