Specifically, the ICO said it is unhappy about the level of information Google is providing users about how their data is being used. In a statement, a spokesperson said:
“In particular, we believe that the updated policy does not provide sufficient information to enable UK users of Google’s services to understand how their data will be used across all of the company’s products.
The watchdog confirmed to TechCrunch its three main areas of concern — namely that Google needs to provide more information about how it processes users’ personal data; that Google needs to inform users specifically what their personal data is being used for so they fully understand the implications of using Google’s services; and that it must inform users when their personal data is being retained in a way they might not expect.
Here are the ICO’s three areas of concern in full:
Reasonable expectations and sufficient information
Google must comply with the first principle and provide further information in the policy with regards to the manner in which it processes personal data.
Google must comply with the second principle and further define and specify the purposes for which personal data is processed to allow users, regardless of their status, to understand in practice what the implications of using the services are.
Retention of data
Google must, in order to ensure processing is fair and in compliance with the first principle, give service users sufficient information where retention of personal data might exceed service users’ reasonable expectations.
“That’s for serious breaches of the data protection act that cause, or have the potential to cause, substantial damage and distress,” the spokesman added.
“France has also put a legal order in place on its recommendations so if they don’t comply with ours by the 20th of September there will also be problems across Europe,” the spokesman added.