It’s been a lengthy process for the search engine giant, ever since it consolidated it’s dozens of policies for various services in various jurisdictions into one overarching privacy plan back in March 2012.
The ICO found that the US company was too vague when describing how it uses personal data gathered from its web services and products. Now Google has signed a commitment to further amend its policy, interestingly with a view for any future changes, ensuring that the company doesn’t have to go through this sort of legal work all over again.
A raft of measures that look promising on the surface
The document – signed by Kent Walker, senior VP and general counsel of Google – is available here and includes a timeline of the company’s 2012 policy being enacted and the subsequent fallout.
The company has now vowed to address the ICOs concerns within two years, with some of the measures recommended having already been taken into account.
Amongst the measures it will take, Google has agreed to make it easier for customers to understand the process of how it stores data, and what it uses it for, by the end of June this year. It will also "provide information to enable individuals to exercise their rights."
It will also ensure that there is continued evaluation of the privacy impact of future changes to its processing of user data, to greater inform its customers.
The company is also going to attempt to better inform "passive users", which won't be straightforward to either do or evaluate. Passive users, in this case, are considered those using third-party services that are plugged into Google services, such as advertising.
Fair and transparent
“This undertaking marks a significant step forward following a long investigation and extensive dialogue,” said Steve Eckersley, head of enforcement at the ICO. “Google’s commitment today to make these necessary changes will improve the information UK consumers receive when using their online services and products.
“Whilst our investigation concluded that this case hasn’t resulted in substantial damage and distress to consumers, it is still important for organisations to properly understand the impact of their actions and the requirement to comply with data protection law. Ensuring that personal data is processed fairly and transparently is a key requirement of the Act.
"This investigation has identified some important learning points not only for Google, but also for all organisations operating online, particularly when they seek to combine and use data across services. It is vital that there is clear and effective information available to enable users to understand the implications of their data being combined. The detailed agreement Google has signed setting out its commitments will ensure that.”
Does it make a difference?
Of course alot of the main grievences in Europe behind online data relates the Safe Harbor agreement – between the EU and the US – The 'Right to be Forgotten' issue – which directly relates to Google – and other legislative enactments largely brought in by the US that can allow, often entirely devoid of transparency, mounds of personal data to travel across the Atlantic, in one direction.
And Google isn't out of the woods just yet. As Gigacom reports, there are more bumps coming down the line, including a big search antitrust case. However Google's agreement with the ICO is a big step the right direction, given that a large proportion of its undertakings involve greater informing the masses.
Google image via Shutterstock