The European Union has told Google it must rewrite the policy by September 20 or face legal ramifications, from a contempt of court charge to a potential £500,000 fine.
Implemented in March 2012, the then-new policy covered all Google products, rather than there being a set of Ts, Cs and data guidelines for each separate entity - previously there had been one for Google Maps, another for Gmail, a third for Drive and so on until the end of time.
What sounded fairly straightforward in principle has proven to be a huge bugbear for privacy watchers and data protectioneers, with many complaining that it's not clear to users where and how their data can be (and is) used by Google.
The UK's Information Commissioner's Office (ICO) now says that the policy raises "serious questions" about whether or not Google is complying with the UK's Data Protection act because of how it shares your information across products.
It adds that the company has "engaged fully" with authorities throughout the fifteen-month investigation into the policy changes and will "continue to do so".
Of course, "respecting" European law isn't the same as "abiding by", and "engaging fully" with authorities isn't the same as "obeying".
In these post-Prism times of heightened privacy concerns, Google is treading a fine line. Not only was it name checked in the Prism documents that showed the tech companies passing user information to governments, it also has a fight on its hands regarding the potential intrusiveness of its Google Glass device.
But whether Google will bow to the EU's demands by September 20 is another matter; it sounds to us as though the company is prepared to fight its corner and accept the consequences.
From The Guardian