Further action for Google over Wi-Fi data collection
- GP surgery manager prosecuted for illegally accessing patients’ medical records
- ICO warns marketing rules must be kept to during lead up to Scottish referendum
- Temporary workers still require adequate data protection training, warns ICO
- Private investigators convicted of unlawfully obtaining personal information
- International enforcement agencies join forces to thwart caller identification spoofing
News release: 21 June 2013
The Information Commissioner’s Office (ICO) has served Google Inc with an enforcement notice over the collection of payload data by Google’s Street View cars in the UK.
Stephen Eckersley, ICO Head of Enforcement, said:
“Today’s enforcement notice strengthens the action already taken by our office, placing a legal requirement on Google to delete the remaining payload data identified last year within the next 35 days and immediately inform the ICO if any further disks are found. Failure to abide by the notice will be considered as contempt of court, which is a criminal offence.”
The ICO’s decision follows the reopening of its investigation into the Google Street View project in April last year. The decision followed the publication of a report by the US Federal Communications Commission (FCC), which raised concerns around the actions of the engineer who developed the software previously used by the cars, and his managers.
The ICO’s investigation found that the collection of payload data by the company was the result of procedural failings and a serious lack of management oversight including checks on the code. But the investigation also found there was insufficient evidence to show that Google intended, on a corporate level, to collect personal data.
The ICO has concluded that the rationale for its original decision in 2010 to issue Google with an undertaking and carry out a consensual audit remain the same. But the ICO has also this week warned Google that it will be taking a keen interest in its operations and will not hesitate to take action if further serious compliance issues come to its attention.
When reaching today’s decision, the ICO also considered the discovery of additional disks containing payload data, which were located by Google while the reopened ICO investigation was in progress. Google has provided assurances that the data has not been accessed and, like the other payload data collected, has not entered the public domain.
Based on a detailed investigation, including an analysis of the data Google has recorded, the ICO has concluded that the detriment caused to individuals by this breach fails to meet the level required to issue a monetary penalty.
Stephen Eckersley, ICO Head of Enforcement, continued:
“The early days of Google Street View should be seen as an example of what can go wrong if technology companies fail to understand how their products are using personal information. The punishment for this breach would have been far worse, if this payload data had not been contained.”
Notes to Editors
1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
2. The ICO regulates the Data Protection Act 1998, the Freedom of Information Act 2000, the Privacy and Electronic Communications Regulations 2003 and the Environmental Information Regulations 2004.
4. There are eight principles of the Data Protection Act, which make sure that personal information is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Not transferred to other countries without adequate protection
5. If you need more information, please contact the ICO press office on 0303 123 9070.