This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Google must delete Street View captured data by 16th July

Share this article:
Google passes ICO audit but must make privacy improvements on all products
Google passes ICO audit but must make privacy improvements on all products

Google has been given 35 days to delete data collected during the Street View incident, where data from unsecured WiFi networks was accidentally collected.

The Information Commissioner's Office (ICO) served Google with an enforcement notice over the collection of payload data by Google's Street View cars in the UK after it decided to reopen its investigation into the Google Street View project in April last year. With the enforcement notice served on 11th June, Google must comply by the 16th July.

The decision followed the publication of a report by the US Federal Communications Commission (FCC), which raised concerns around the actions of the engineer who developed the software previously used by the cars, and his managers.

While the ICO's investigation into whether Google's privacy policy complies with the Data Protection Act is on-going, its investigation found that the collection of payload data by the company was the result of procedural failings and a serious lack of management oversight including checks on the code. But the investigation also found there was insufficient evidence to show that Google intended, on a corporate level, to collect personal data.

The story began in May 2010, when Google apologised for collecting the data, saying it was 'clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products'.

The ICO made a decision that Google had breached the Data Protection Act over Street View, with information commissioner Christopher Graham then saying that Google had passed an audit but ordered it to make privacy improvements on all of its products.

Google escaped without a monetary penalty, but the case was reopened a year ago after it was suggested that Google engineers knew about the capability to collect data via Street View cars. Google responded by saying that it had made data available for analysis that ‘was representative of the payload collection', and rebuffed suggestions that data made available to the ICO for analysis was ‘pre-prepared'.

The ICO has now further warned Google that it will be taking ‘a keen interest in its operations' and will not hesitate to take action if further serious compliance issues come to its attention. Google provided assurances that the data has not been accessed and, like the other payload data collected, has not entered the public domain.

Stephen Eckersley, the ICO's head of enforcement, said that Google had failed to meet the level required to issue a monetary penalty despite the detriment caused to individuals by this breach.

He said: “Today's enforcement notice strengthens the action already taken by our office, placing a legal requirement on Google to delete the remaining payload data identified last year within the next 35 days and immediately inform the ICO if any further disks are found. Failure to abide by the notice will be considered as contempt of court, which is a criminal offence.

“The early days of Google Street View should be seen as an example of what can go wrong if technology companies fail to understand how their products are using personal information. The punishment for this breach would have been far worse, if this payload data had not been contained.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Google and Facebook offer free cyber-security tools

Google and Facebook offer free cyber-security tools

Google and Facebook have both launched free open-source cyber-security tools this week, designed to help security professionals spot malware and cyber-attacks.

Mixed results for key Government cyber-initiatives

Mixed results for key Government cyber-initiatives

The Government's Verify scheme to confirm IDs is behind scheuduled uptake, but its CISP threat intelligence sharing scheme is ahead of target.

Hundreds of companies face 2,000 cyber-attacks in EU exercise

Hundreds of companies face 2,000 cyber-attacks in EU ...

The European Network and Information Security Agency (ENISA) conducted a 24-hour cyber-exercise in which more than 200 organisations from 25 EU member states faced virtual cyber-attacks from white hat hackers ...