November 3, 2010

Google’s Street View Operation Committed “˜Significant Breach’ In UK

UK's information commissioner says that Google must promise to ensure data protection breaches are not repeated

The UK information commissioner, Christopher Graham, said this week that Google committed a "significant breach" of the Data Protection Act when its Street View application collected personal data from Internet users.

Graham said the company must sign an "undertaking to ensure data protection breaches do not happen again or it will face further enforcement action," according to The Guardian news agency.

Google has been ordered to delete the data it collected from users' Wi-Fi networks.  The culture minister, Ed Vaizey, said last week that the Metropolitan police had dropped its investigation into the breaches.

Graham said: "It is my view that the collection of this information was not fair or lawful and constitutes a significant breach of the first principle of the Data Protection Act (DPA).

"The most appropriate and proportionate regulatory action in these circumstances is to get written legal assurance from Google that this will not happen again "“ and to follow this up with an ICO audit."

He also said that Google would be subject to an official audit of its data protection practices in the U.K by the Information Commissioner's Office (ICO).

MP Robert Halfon told BBC that he was disappointed in the way ICO handled the situation with Google.

"The ICO failed to act when it should have done, despite the fact that Google staged a significant infringement of privacy and civil liberties, by harvesting millions of e-mails, wi-fi addresses, and passwords.

"Furthermore, the ICO has already proved that it lacks the technical expertise to audit Google's activity. What confidence can we have in their audit now? People feel powerless."

Google's global privacy counsel, Peter Fleischer, said in a statement: "We are profoundly sorry for mistakenly collecting payload data in the UK from unencrypted wireless networks.

"Since we announced our mistake in May we have cooperated closely with the ICO and worked to improve our internal controls. As we have said before, we did not want this data, have never used any of it in our products or services, and have sought to delete it as quickly as possible."

"We are in the process of confirming that there are no outstanding legal obligations upon us to retain the data, and will then ensure that it is quickly and safely deleted."

Privacy campaigners were angry with ICO's decision not to impose a financial penalty on Google, saying that Internet businesses may now be more apt to breach users' privacy.

Alex Deane, director of campaign group Big Brother Watch told the Guardian:   "Google should have been fined at the highest possible level. The information commissioner's failure to take action is disgraceful."

"Ruling that Google has broken the law, but then taking no action against it, shows the commissioner to be a paper tiger. The commissioner is an apologist for the worst offender in his sphere of responsibility, not a policeman of it."

"If Google can harvest the personal information of thousands of people and get off scot-free, then the ICO plainly has a contempt for privacy."

Last month, Google said it was "mortified" to learn it collected the personal information from Internet users' Wi-Fi networks.

The Internet giant is facing investigations in several countries around the world for the Wi-Fi data collection.

Street View is now available in 20 countries and allows users to walk through towns and cities using photos taken by the Street View cars.

Anyone who wishes for an image to be removed from this application can request so from Google.

The German government forced Google to allow people to opt out of the service before pictures went live.

Italy asked it to give citizens notice before mapping operations started, while the Czech Republic banned it from taking any more pictures.


On the Net: