Street View car

Google could be facing another ICO investigation into its Street View cars after a report claimed the company knew all along that it knew it could harvest personal information from unsecured Wi-Fi networks throughout the UK.

The report, carried out by the US Federal Communications Commission (FCC) and published earlier in May, rubbished claims from Google that its software had "mistakenly" gathered personal information such as passwords, emails and more from unsecured Wi-Fi connections.

The FCC report found that the engineer behind the software had circulated its data-gathering capabilities to at least two Google colleagues, including a senior manager, on two occasions. One senior manager pre-approved the engineer’s plans, according to the report.

"Engineer Doe [the name given to the anonymous Google software engineer] intended to collect, store and review payload data for possible use in other Google projects," the report said. Google had previously said it was "mortified" when it discovered it had "mistakenly included code in our software that collected samples of payload data from Wi-Fi networks."

The FCC fined Google $25,000 – not for collecting the data, which it said did not break US laws, but for "wilfully and repeatedly" obstructing its investigation.

The Information Commissioner’s Office (ICO) has already carried out one investigation into Google Street View. In November 2010 it found Google guilty of a "significant breach of the Data Protection Act" but refused to fine the company. It insisted that all personal information collected by Google Street View cars had to be deleted.

Now however the ICO has suggested that it will look into the case again, following the FCC report. "We are currently studying the FCC report to consider what further action, if any, needs to be taken," it said in a statement.

"Google provided our office with a formal undertaking in November 2010 about their future conduct, following their failure in relation to the collection of Wi-Fi data by their Street View cars. This included a provision for the ICO to audit Google’s privacy practices. The audit was published in August 2011 and we will be following up on it later this year, to ensure our recommendations have been put in place," the statement added.

The ICO was heavily criticised by privacy groups for its reaction to the incident. In an open letter Privacy International, NO2ID, Big Brother Watch, Action on Rights for Children and the Open Rights Group, questioned whether the ICO was still fit for purpose following the decision not to take action.