Google has been praised by the Information Commissioner's Office (ICO) after an audit of its UK office.
Following the decision that Google had breached the Data Protection Act over Street View, information commissioner Christopher Graham said that the ICO would not issue a monetary penalty but Google would be required to undertake an audit that took place this July.
Google breached the Data Protection Act by accidentally collecting personal user activity from unsecured WiFi networks when it was recording images in its Street View cars. It was subsequently investigated by information and privacy commissioners around the world with varying results, including fines, lawsuits and apologies.
The ICO audit found that Google had taken action in all of the agreed improvement areas. Google has been asked to go further to enhance privacy, to include ensuring that users are given more information about the privacy aspects of Google products.
Google has developed a privacy design document to ensure that all new projects undergo an in-depth assessment to ensure that privacy is built in from the start, as well as ensuring advanced data protection training for all engineers and staff covering privacy and the protection of user data.
Also, an internal privacy structure has been developed across all functions of the business, meaning that the resource dedicated to privacy has been enhanced, as well as its visibility across the office.
Graham said: “I'm satisfied that Google has made good progress in improving its privacy procedures following the undertaking they signed last year. All of the commitments they gave us have been progressed and the company have also accepted the findings of our audit report where we've asked them to go even further.
“The ICO's Google audit is not a rubber stamp for the company's data protection policies. The company needs to ensure its work in this area continues to evolve alongside new products and technologies. Google will not be filed and forgotten by the ICO.”
The audit also recommended that Google make some privacy improvements, including making sure that all projects have a privacy design document and processes to check them for accuracy and completeness.
The ICO recommended that all existing products have a ‘privacy story', an explanation of how data will be managed in a new product that should be used to proactively provide users with information about the privacy features of products.
Finally, the core training for engineers will be developed to include specific engineering disciplines, taking account of the outcomes of the privacy design document.