Google must delete all the remaining WiFi data gathered by its Street View cars by 25 July, or face a possible contempt of court action. However, the firm has avoided a fine from the Information Commissioner’s Office (ICO) in the latest twist in the long-running saga.
ICO head of enforcement Stephen Ecklersley said the action was designed to place a final warning on Google over its requirements under UK law.
“Today’s enforcement notice strengthens the action already taken by our office, placing a legal requirement on Google to delete the remaining payload data identified last year within the next 35 days,” he said.
“[It must also] immediately inform the ICO if any further disks are found. Failure to abide by the notice will be considered as contempt of court, which is a criminal offence.”
The ICO confirmed to V3 the data must be deleted by 25 July.
Google admitted some data had not been deleted and remained on its disks last July while new evidence came to light from the Federal Communications Commission (FCC) that the search giant knew more about the collection of data by its Street View cars than it had originally claimed. This prompted the ICO to reopen its investigation.
Reporting its latest findings, the ICO said its investigation found “the collection of payload data by the company was the result of procedural failings and a serious lack of management oversight including checks on the code”.
However, it also concluded there had no been deliberate intention to collect the data at any senior level. The ICO also said that because the data gathered had not been at risk of being accessible at any time there was no scope for a fine.
Ecklersley chided Google over the whole incident, though, highlighting the matter as an example of the sorts of things that can go wrong when firms do not consider data protection concerns.
“The early days of Google Street View should be seen as an example of what can go wrong if technology companies fail to understand how their products are using personal information,” he said. “The punishment for this breach would have been far worse, if this payload data had not been contained.”
Google reiterated its stance that the data gathered was never used and said it accepted the ICO’s findings.
"We work hard to get privacy right at Google. But in this case we didn't, which is why we quickly tightened up our systems to address the issue. The project leaders never wanted this data, and didn't use it or even look at it.
“We cooperated fully with the ICO throughout its investigation, and having received its order this morning we are proceeding with our plan to delete the data."
The head of communication, media and technology law at CMS, Chris Watson, said that the lack of a fine for Google undermined the ICO’s authority.
“The regulator has teeth but it doesn’t look as if he is prepared to use them,” he said.
“This is worrying because requiring proof of damage before imposing penalties goes against the whole spirit of effective enforcement of these rules.”
The action taken by the ICO is notably lighter than in other nations such as Germany where Google was fined £124,000 for its data gathering from the Street View cars.
A new RSA report urges coders to sign a 'Hippocratic Oath' before embarking on AI programmes.
IT security vendor believes APT33 is working for the Iranian government
Darktrace pushes machine learning to take some of the pressure off of IT and security teams
Google also gets its hands on HTC's IP in a non-exclusive deal