View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 3, 2010

Google guilty of “significant breach” of Data Protection Act: ICO

But firm will not be fined for collecting sensitive info

By Steve Evans

The Information Commissioner’s Office (ICO) has ruled that Google committed a "significant breach of the Data Protection Act" when its Street View cars collected personal information while mapping the UK’s streets.

Google admitted during the summer that it has mistakenly collected data from unsecured Wi-Fi networks, without consent. The ICO investigated at the time but was satisfied that no "significant" personal data had been gathered. However Google recently admitted that its audit of the collected data revealed entire emails and passwords had also been collected.

"The Commissioner has concluded that there was a significant breach of the Data Protection Act when Google Street View cars collected payload data as part of their Wi-Fi mapping exercise in the UK," an ICO statement said. "He has instructed Google UK to sign an undertaking in which the company commits to take action to ensure that breaches of this kind cannot happen again. An audit of Google UK’s Data Protection practices will also be undertaken."

Many had called for Google to be fined, but the commission has decided against that course of action. "The Commissioner has rejected calls for a monetary penalty to be imposed but is well placed to take further regulatory action if the undertaking is not fully complied with."

The ICO has ordered Google to delete the data it collected in the UK as soon as it is legally cleared to do so.

"It is my view that the collection of this information was not fair or lawful and constitutes a significant breach of the first principle of the Data Protection Act," said information commissioner Christopher Graham. "The most appropriate and proportionate regulatory action in these circumstances is to get written legal assurance from Google that this will not happen again – and to follow this up with an ICO audit."

Content from our partners
Powering AI’s potential: turning promise into reality
Powering AI’s potential: turning promise into reality
Unlocking growth through hybrid cloud: 5 key takeaways
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How businesses can safeguard themselves on the cyber frontline

Google has already issued a public apology for collecting the data. "I would like to apologise again for the fact that we collected [the data] in the first place," said Alan Eustace, senior VP, engineering & research at Google in a recent post on the company’s blog, adding that the company was "mortified" by the revelations.

The ICO added that The Metropolitan Police has indicated they are not pursuing an investigation.

Websites in our network
The New Statesman Press Gazette Spears World of Fine wine Elite Traveler Leadmonitor
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU