Google Must Improve Privacy Policies – ICO

Jay Decenella, IT audit expert
August 17, 2011 /

The Information Commissioner’s Office has urged Google Inc. to further improve its privacy policies and ensure that users are given more information about the privacy aspects of Google products.

In an audit of the company’s London office publicized yesterday, the privacy commissioner said Google has taken reasonable steps to improve its privacy policies in all necessary areas. The audit took place in July as part of the terms of an undertaking that Google signed in November 2010 following reports that its Street View cars had collected Wi-Fi payload data alongside the location mapping information which was the only aim of the project.

In December 2010, Connecticut Attorney General Richard Blumenthal released an ultimatum asking the search giant to turn over the collected payload data to his state until December 17, 2010, to which Google replied with cold shoulders.

On the other hand, Information Commissioner Christopher Graham, said the ICO is satisfied with the improvement that Google has made on its privacy procedures following the undertaking that was signed by Alan Eustace, Senior Vice President of Google, on November 2010.

Graham said: “All of the commitments they gave us have been progressed and the company have also accepted the findings of our audit report where we’ve asked them to go even further.

“The ICO’s Google audit is not a rubber stamp for the company’s data protection policies. The company needs to ensure its work in this area continues to evolve alongside new products and technologies. Google will not be filed and forgotten by the ICO.”

Improvements made by Google include a Privacy Design Document, which subjects all new projects to an in-depth assessment to ensure that privacy is built in from the start; an internal privacy structure developed across all functions of the business that is said to enhance Google’s resource dedicated to privacy; advanced data protection training for all engineers; and enhanced training for all staff covering privacy and the protection of user data.

The ICO urged Google to develop a “Privacy Story” for all existing products, explaining how data will be managed in a new product.

“This should be used to provide users proactively with information about the privacy features of products,” the ICO said.

In addition, the privacy commissioner urged Google to prepare a Privacy Design Document for all of its projects, with processes that will ensure their accuracy and completeness “continue to be enhanced.”

“The core training for engineers should be developed to include specific engineering disciplines, taking account of the outcomes of the Privacy Design Document,” the ICO added.

The ICO’s audit complied with the Information Commissioner’s data protection audit methodology, the key elements of which include a desk-based review of relevant documentation, an on-site visit including interviews with staff and an inspection of selected records.

The on-site audit field work was undertaken at Google Inc. in London on 19 and 20 July 2011.

 

Share your opinion