Google must delete remaining data "mistakenly collected" from WiFi networks to avoid criminal proceedings, says the Information 's Office (ICO). The issue highlights the importance of ensuring your WiFi network is secure in order to avoid snooping.
The ICO did not impose a fine on Google, but has told the search giant that it must inform the regulator if any further disks of information are found.
Google's Street View, was launched in 2007, and used specially-adapted cars to create panoramic images of more than five million miles of roads around the world. During the process, a Google engineer wrote a piece of software that collected data from unsecured WiFi networks encountered as the car drove through towns and cities … data which included personal emails and other sensitive information. According to Google, it did not plan to collect the data and the engineer was acting independently. It was later revealed that at least one senior manager was aware the collection was taking place.
The ICO reopened its investigation last year, during which additional disks containing private data were found despite Google's pledge that all such data would be destroyed. The company said that the disks had been retained accidentally.
Stephen Eckersley, the ICO's Head of Enforcement, said: "Today's enforcement notice strengthens the action already taken by our office, placing a legal requirement on Google to delete the remaining payload data identified last year within the next 35 days and immediately inform the ICO if any further discs are found." The regulator said in a statement "The detriment caused to individuals by this breach fails to meet the level required to issue a monetary penalty," concluding that the collection of the data three years ago was due to "procedural failings and a serious lack of management oversight". It conceded that Google did not order the collection or retention of the data at a corporate level, an assertion agreed with by various regulators around the world. The ICO did say, however, that failure to abide by the notice will be considered as contempt of court, which is a criminal offence.
In a statement, Google said: "We work hard to get privacy right at Google. But in this case we didn't, which is why we quickly tightened up our systems to address the issue. The project leaders never wanted this data, and didn't use it or even look at it. We co-operated fully with the ICO throughout its investigation, and having received its order this morning we are proceeding with our plan to delete the data."
In the US last year, the Federal Communications Commission (FCC) fined Google $25,000 (£15,700), having found that data had been discovered in 30 countries, including "complete email messages, email headings, instant messages and their content, logging-in credentials, medical listings and legal infractions, information in relation to online dating and visits to pornographic sites".
