If Google had expected praise for that simplification, it was to be sorely disappointed. Privacy advocates howled at what was seen as a whitewashing attempt for making more use of user-data, not helped by Google explicitly spelling out that it would be sharing personal information between services.
Such sharing was, in many cases, already permitted under the existing policies, though many did not realize. At the time, Google argued that it would open up more beneficial machine learning, such as automatically delivering tailored weather and news alerts when a Google Calendar entry showed an individual was traveling.
“The ICO found that [Google] was too vague when describing how it uses personal data gathered from its web products and services,” the ICO said today. “The ICO ruled that the new policy did not include sufficient information for service users as to how and why their personal data was being collected.”
Google has signed an agreement to bring its terms in line with the UK Data Protection Act, though there is no talk of penalties.
“Whilst our investigation concluded that this case hasn’t resulted in substantial damage and distress to consumers,” Steve Eckersley, Head of Enforcement at the ICO, said in a statement, “it is still important for organizations to properly understand the impact of their actions and the requirement to comply with data protection law.”
Google still faces several other angry governments, policy groups, and regulators in other European countries and abroad over its attitudes to privacy.