Commissioner Graham finds Street View broke law
Government watchtdog finds search engine giant of unlawful Street snooping in private data dredge
ECM Plus – The UK Government Information Commissioner has found search engine behemoth Google will be subject to audit and must sign an undertaking not to breach data protection laws again.
The Information Commissioner further stated that if the search engine company were to undertake such an unlawful data breach in the UK again, they would ‘face enforcement action’ the ICO said in a statement.
Commissioner Christopher Graham said: “…there was a significant breach of the Data Protection Act when Google Street View cars collected payload data as part of their wi-fi mapping exercise in the UK.”
Commissioner Graham has instructed Google to sign an undertaking in which the company commits to take action to ensure that breaches of this kind cannot happen again.
Furthermore, in light of the breach of data protection, an audit of Google UK’s Data Protection practices will also be undertaken.
However, the Information Commissioner rejected calls for a financial penalty to be imposed on the search engine giant, but said that it was ‘well placed to take further regulatory action if the undertaking is not fully complied with.’
According to the ICO statement, iInternational data protection authorities that undertook in-depth investigations into Google’s activities found fragments of personal data, including emails, complete URLs – and passwords.
ICO said that following the admission by Google that personal data had indeed been collected, and the fact that Google used the same technology in the UK, the Commissioner decided that formal action was necessary.
Commissioner Graham is also requiring Google to delete the payload data collected in the UK as soon as it is legally cleared to do so.
Information Commissioner, Christopher Graham, added: “It is my view that the collection of this information was not fair or lawful and constitutes a significant breach of the first principle of the Data Protection Act.”
Said Graham: “The most appropriate and proportionate regulatory action in these circumstances is to get written legal assurance from Google that this will not happen again – and to follow this up with an ICO audit.”