Google admits breaching UK data privacy agreement
In May 2010, Google hit the headlines when it was revealed that street mapping cars had accidentally collected around 600GB of payload data from unsecured wireless networks around the globe.
The news caused a privacy storm and led to legal actions in numerous countries. In the United Kingdom, the Information Commissioner's Office (ICO) took a lenient approach, saying that while the activity “constituted a significant breach of the first principle of the Data Protection Act” it accepted Google’s explanation as to how collection had occurred. The agency was willing to take no action, provided the search giant deleted the data it had captured.
Google, facing detailed (and still ongoing) investigations elsewhere, was of course more than happy to comply. In December 2010, the company confirmed that all of the UK data had been wiped, and its deletion independently certified, bringing the matter to a close.
Or so we thought.
This morning, however, a letter from Google to the ICO revealed that the company was still in possession of a small portion of the payload data supposedly thought destroyed. An embarrassing admission not only for Google, but also for the ICO which received a ton of criticism from all directions for failing to properly investigate the matter in the first place.
While the obvious next step would be for Google to just delete the remaining data, the ICO has requested it be handed over to them for forensic analysis first, and hinted that some form of stricter action would come this time around. "We are in touch with other data protection authorities in the EU and elsewhere through the Article 29 Working Party and the GPEN network to coordinate the response to this development,” the agency says in a statement issued today.
“The ICO is clear that this information should never have been collected in the first place and the company’s failure to secure its deletion as promised is cause for concern,” it adds.
Quite what this latest development means for Google remains to be seen, but the ICO does have the power to fine the company up to £500,000 should it decide this clear breach of the agreement warrants it.
Photo Credit: Elias Gayles