Google broke UK privacy law, says ICO
The UK's privacy regulator has found Google’s Street View program has breached local privacy laws.
Collecting payload Wi-Fi data via its Street View fleet of cars was “a significant breach of the Data Protection Act,” the Information Commissioner's Office (ICO) said in a statement.
Google must now sign a binding undertaking not to break the law again, and submit to an audit of Google UK's data protection practices within nine months.
No fines will be levied for this breach, but the statement said the agency was “well placed to take further regulatory action if the undertaking is not fully complied with.”
Google will be required to delete all the collected data as soon as it is legally allowed to.
The search firm's employee training programs on privacy and security must also be upgraded, and all research project leaders must maintain a privacy design document that records how user data is handled.
ICO had closed its initial investigation in July, but re-opened the inquiry last month after Google admitted that some entire emails and passwords had been collected by the Street View fleet.
Privacy agencies in France and Germany are also continuing investigations. In contrast to the mild UK decision, these countries are expected to take a hard line, WSJ reported.
Google in May admitted to collecting reams of Wi-Fi packet data worldwide through its Street View fleet of camera cars, blaming forgotten code in a concurrent project to map public Wi-Fi networks.