Google can’t seem to keep out of the news lately.
First came the news of Google’s apparent failure to pay a more equitable slice of corporation tax on its profits: then came the breaking news of NSA’s surveillance operation Prism and Google’s reluctant release of ‘private’ data for the greater public good. Well Google is now under fire again on both sides of the Channel too. France and Spain have announced new investigations into the search giant’s handling of privacy matters. A
Authorities in the UK are stepping up their efforts to force Google to delete data that it shouldn’t have captured in the first place.
The UK Information Commissioner’s Office has given Google 35 days to delete private information it ‘mistakenly collected’ whilst taking pictures for its popular Street View service, or face criminal proceedings. However, unlike the U.S FCC, the ICO stopped short of imposing a fine on the search engine. [The FCC imposed a fine of $25,000 in April 2012]
Google Street View, which launched in 2007, has been one of the search company’s most ambitious projects to date.
Using specially-adapted cars, it created panoramic images of more than five million miles of the world’s roads. But during that process, it emerged that one unnamed Google engineer wrote a piece of software that allowed its cars to pull data from the unsecured Wi-Fi networks as it drove through towns and cities. The data included personal emails and other sensitive information. Google said it did not plan to collect this data, and that the engineer was acting independently. However, it later transpired that at least one senior manager at the company was aware the collection was taking place.
The Information Commissioners office reopened its investigations last year after further revelations about the data taken from Wi-Fi networks came to light. It was during this inquiry that additional discs containing private data were found. Google had previously pledged to destroy all data it had collected, but admitted last year that it had “accidentally” retained the additional discs. The ICO then told the search giant it must inform it if any further discs of information are discovered.
Speaking about the decision to force Google to delete the data, Stephen Eckersley, the ICO’s head of enforcement said:
“Today’s enforcement notice strengthens the action already taken by our office, placing a legal requirement on Google to delete the remaining payload data identified last year within the next 35 days and immediately inform the ICO if any further discs are found. Failure to abide by the notice will be considered as contempt of court, which is a criminal offence.”
However, unlike authorities in the US, the ICO confirmed that it would not be issuing a fine:
“The detriment caused to individuals by this breach fails to meet the level required to issue a monetary penalty,” it said.
It concluded that the collection of the data in 2010 was due to “procedural failings and a serious lack of management oversight”, but agreed with Google’s assertion that the company did not order the actions at a corporate level.
In a statement last Friday, Google said:
“We work hard to get privacy right at Google. But in this case we didn’t, which is why we quickly tightened up our systems to address the issue. The project leaders never wanted this data, and didn’t use it or even look at it.”
“We co-operated fully with the ICO throughout its investigation, and having received its order this morning we are proceeding with our plan to delete the data.”