November 3, 2010

Google guilty of “significant breach” of Data Protection Act: ICO

But firm will not be fined for collecting sensitive info


The Information Commissioner’s Office (ICO) has ruled that Google committed a "significant breach of the Data Protection Act" when its Street View cars collected personal information while mapping the UK’s streets.

Google admitted during the summer that it had mistakenly collected data from unsecured Wi-Fi networks, without consent. The ICO investigated at the time but was satisfied that no "significant" personal data had been gathered. However, Google recently admitted that its audit of the collected data revealed entire emails and passwords had also been collected.

"The Commissioner has concluded that there was a significant breach of the Data Protection Act when Google Street View cars collected payload data as part of their Wi-Fi mapping exercise in the UK," an ICO statement said. "He has instructed Google UK to sign an undertaking in which the company commits to take action to ensure that breaches of this kind cannot happen again. An audit of Google UK’s Data Protection practices will also be undertaken."

Many had called for Google to be fined, but the commission has decided against that course of action. "The Commissioner has rejected calls for a monetary penalty to be imposed but is well placed to take further regulatory action if the undertaking is not fully complied with."

The ICO has ordered Google to delete the data it collected in the UK as soon as it is legally cleared to do so.

"It is my view that the collection of this information was not fair or lawful and constitutes a significant breach of the first principle of the Data Protection Act," said information commissioner Christopher Graham. "The most appropriate and proportionate regulatory action in these circumstances is to get written legal assurance from Google that this will not happen again – and to follow this up with an ICO audit."

Google has already issued a public apology for collecting the data. "I would like to apologise again for the fact that we collected [the data] in the first place," said Alan Eustace, senior VP, engineering & research at Google, in a recent post on the company’s blog, adding that the company was "mortified" by the revelations.

The ICO added that the Metropolitan Police has indicated it is not pursuing an investigation.
