Google could face legal sanctions over privacy policies
The move follows similar complaints to the US company last month from the equivalent organisations in France and Spain, and ratchets up the attention over its handling of the huge amounts of personal data that it collects from users every day.
Google has already been censured in Europe over its collection of Wi-Fi data, including usernames, passwords and web page viewing while collecting photos for its Street View system. Both European privacy authorities and US legislators have demanded clarification from the company about the data protection implications of its Google Glass head-mounted system, which can take pictures and video without onlookers knowing. It has also been implicated in a data-sharing row over the NSA's Prism program, which has collected information from a number of US companies including Google, Microsoft and Apple.
Meanwhile, the head of the powerful equivalent in Hamburg, Professor Johannes Caspar, announced that he will call Google into a legal hearing because the new policy "violates the company's commitment to full transparency about the use and handling of the data".
France and Spain wrote similar letters to the company in June, with France's CNIL threatening fines if it did not comply.
We have engaged fully with the authorities involved throughout this process, and we'll continue to do so going forward."
But a spokesperson did not explain how its policy could simultaneously respect European law and be the target of censure from five European privacy authorities.
Nick Pickles, director of privacy campaign group Big Brother Watch, said: "This is the latest confirmation that consumers are being kept in the dark about what data on us Google collects and how that data is used.
"Google ignored concerns its policy broke the law and put its profit before the legal rights of British citizens.
"The main issue is that sanctions must be strong enough to make Google take real action, rather than the previous meagre penalties that are seen as a cost of doing business. Regulators around the world must act to ensure concrete steps are taken to uphold peoples rights and stop Google routinely trampling on our privacy."
Google said in January 2012 that it would rewrite its privacy policies to unite them across its disparate sites such as YouTube, Maps, Shopping, Mail and Search so that people's data use would be unified. Despite warnings from the CNIL and others that the change might not be lawful, it implemented the change in March 2012.
If Google fails to comply, the ICO says it will be considered in contempt of court. It could then issue an enforcement notice through the courts. In an extreme case it could issue a £500,000 fine – though a spokesperson said it would need to show individuals had been harmed by the policy.