By Claire West
Information Commissioner announces outcome of Google Street View investigation
Google UK will be subject to an audit and must sign an undertaking to ensure data protection breaches do not occur again or they will face enforcement action, Information Commissioner Christopher Graham said today.
The Commissioner has concluded that there was a significant breach of the Data Protection Act when Google Street View cars collected payload data as part of their wi-fi mapping exercise in the UK.
He has instructed Google UK to sign an undertaking in which the company commits to take action to ensure that breaches of this kind cannot happen again. An audit of Google UK’s Data Protection practices will also be undertaken.
The Commissioner has rejected calls for a monetary penalty to be imposed but is well placed to take further regulatory action if the undertaking is not fully complied with.
International data protection authorities that undertook in-depth investigations found fragments of personal data including emails, complete URLs and passwords.
Following the admission by Google that personal data had indeed been collected, and the fact that Google used the same technology in the UK, the Commissioner decided that formal action was necessary.
The Commissioner is also requiring Google to delete the payload data collected in the UK as soon as it is legally cleared to do so. The Metropolitan Police has indicated that they are not pursuing an investigation.
Information Commissioner, Christopher Graham, said:
"It is my view that the collection of this information was not fair or lawful and constitutes a significant breach of the first principle of the Data Protection Act.
"The most appropriate and proportionate regulatory action in these circumstances is to get written legal assurance from Google that this will not happen again — and to follow this up with an ICO audit.”