The firm must make it easier for users to find out how their data is collected and what it is used for, and must submit to a two-year review.
Among other clarifications, Google will have to include information about who may collect “anonymous identifiers” – which are similar to cookies – and the purposes to which they put that data.
It will also be made to ensure that “passive users are better informed about the processing of their data”. The ICO defines passive users as people who use Google, but who are not signed in.
It will also provide “unambiguous and comprehensive information regarding data processing, including an exhaustive list of the types of data processed by Google and the purposes for which data is processed”.
The deal follows an investigation by the regulator. Similar reviews are continuing elsewhere in Europe.
It is understood that Google will seek to strike a similar deal with other European regulators.
The Information Commissioner’s Office (ICO) found that Google was “too vague when describing how it uses personal data gathered from its web services and products”.
It was joined by other data regulators, which form the European Article 29 Data Protection Working Party.
Google has until 30 June 2015 to implement the changes and it is believed it will roll out a single policy across the European Union in order to satisfy each of the regulators that opened investigations.
It has also dropped appeals related to investigations being undertaken by the French and Spanish watchdogs.
“This undertaking marks a significant step forward following a long investigation and extensive dialogue,” said Steve Eckersley, the ICO’s head of enforcement.
He added: “Whilst our investigation concluded that this case hasn’t resulted in substantial damage and distress to consumers, it is still important for organisations to properly understand the impact of their actions and the requirement to comply with data protection law.”