ICO audit finds improvements to Googles privacy policies
Submit Articles Back to Articles
Issued on 16 August 2011
Google Inc. has taken reasonable steps to improve
its privacy policies, the Information Commissioner’s Office (ICO) said
today, following an audit at the company’s London office.
The ICO’s audit – which took place in London
in July – was agreed as part of the terms of an undertaking that Google
signed in November 2010 after the company reported that its Street View
cars had collected WiFi payload data alongside the location mapping
information that was the stated aim of the project. The audit found
that Google has taken action in all of the agreed improvement areas.
The ICO has now asked the company to go further to enhance privacy,
including ensuring that users are given more information about the
privacy aspects of Google products.
Information Commissioner, Christopher Graham, said:
“I’m satisfied that Google has made good progress
in improving its privacy procedures following the undertaking they
signed with me last year. All of the commitments they gave us have been
progressed and the company have also accepted the findings of our audit
report where we’ve asked them to go even further.
“The ICO’s Google audit is not a rubber stamp for
the company’s data protection policies. The company needs to ensure its
work in this area continues to evolve alongside new products and
technologies. Google will not be filed and forgotten by the ICO.”
audit highlighted specific areas of good practice that Google has
• A Privacy Design Document,
meaning that all new projects undergo an in-depth assessment to ensure
that privacy is built in from the start.
• An internal privacy structure
has been developed across all functions of the business, meaning that
the resource dedicated to privacy has been enhanced – as well as its
visibility across the office.
• Advanced data protection
training for all engineers.
• Enhanced training for all
staff covering privacy and the protection of user data.
audit recommends that Google still needs to make improvements in some
• All existing products to have
a Privacy Story – an explanation of how data will be managed in a new
product. This should be used to provide users proactively with
information about the privacy features of products.
• Google should ensure that all
projects have a Privacy Design Document, and that processes to check
them for accuracy and completeness continue to be enhanced.
• The core training for
engineers should be developed to include specific engineering
disciplines, taking account of the outcomes of the Privacy Design
ICO’s audit was conducted in accordance with the Information
Commissioner’s data protection audit methodology. The key elements of
this are a desk-based review of relevant documentation, an on-site
visit including interviews with staff and an inspection of selected
records. The on-site audit field work was undertaken at Google Inc in London
on 19 and 20 July 2011.
An executive summary of the Google audit is
available on the ICO website here:
The undertaking that Google signed in November 2010
– and its accompany news release – can be found on the ICO website
About the Author
The Information Commissioner’s Office is the UK’s
independent authority set up to uphold information rights in the public
interest, promoting openness by public bodies and data privacy for
individuals. We do this by promoting good practice, ruling on
complaints, providing information to individuals and organisations and
taking appropriate action when the law is broken.
The ICO enforces and oversees the following
- Data Protection Act 1998
- Freedom of Information Act 2000
- Privacy and Electronic Communications
- Environmental Information Regulations
Follow us @Scopulus_News
Article Published/Sorted/Amended on Scopulus 2011-08-18 10:43:07 in Computer Articles
All ICO Articles