Google passes ICO audit but must make privacy improvements on all products
Google passes ICO audit but must make privacy improvements on all products

The Information Commissioner's Office (ICO) is to re-investigate Google after fresh evidence suggested that data collected for Street View was done with the knowledge of the internet giant.

As reported by SC Magazine in May, an investigation by the Federal Communications Commission (FCC) found that a Google engineer "intended to collect, store and review payload data for possible use in other Google projects", despite Google insisting that it did not initially know about the capability to collect data from unsecured WiFi networks.

In an open letter to Google senior vice-president Alan Eustace, Steve Eckersley, head of enforcement at the ICO, said software installed in the Street View cars used to capture the payload data over the internet was deliberately written in 2006 by an engineer who worked on the project.

“The engineer was not a full-time member of the team and he notified two other Google engineers that he was collecting the payload data and one of these was a senior manager. Engineer Doe also gave the entire Street View team a copy of the document in October 2006 detailing his work on the Street View project,” the letter said.

Eckersley said that after reviewing the FCC findings, it seems likely that such information was deliberately captured during the Street View operations conducted in the UK. He said this is a "different situation than was reported to us in April 2010" and the ICO was reopening its investigation.

The ICO said it is seeking to solve seven key dilemmas, among them: what personal and sensitive data was captured; at what point Google managers became aware of the type of payload being captured; and what measures were introduced to limit further data collection and details of the software.

It also asked for "a substantial explanation as to why this type of data was not included in the prepared data sample presented to and viewed by staff from the ICO" and "what measures were introduced to prevent breaches of the Data Protection Act at each stage of the Street View process".

The internet mammoth was investigated over the collection of data by its cars when photographing for its Street View service by information and privacy commissioners globally. In May 2010, it apologised for collecting the data, saying it was "clear that we have been mistakenly collecting samples of payload data from open [i.e. non-password-protected] WiFi networks, even though we never used that data in any Google products".

In November 2010, the ICO decided that Google had breached the Data Protection Act over Street View, with information commissioner Christopher Graham then saying that the web behemoth had passed an audit but ordered it to make privacy improvements on all of its products. It did not face a monetary penalty.