U.K. regulator gives Google 35 days to scrap its remaining Street View data

If the company doesn't, legal action might be taken

A U.K. regulatory group is giving Google 35 days to delete what remains of the data collected by its Street View cars in the U.K., and is using the threat of legal action to compel the company to comply.

The request, which was served to Google in the form of an enforcement notice from the Information Commissioner's Office, the U.K. government's data and privacy regulator, follows a reopening of an investigation into Google's Street View project.

In 2010, that investigation revealed "a significant breach of the Data Protection Act," when Google Street View cars collected payload data through the company's Wi-Fi mapping efforts in the U.K., by scraping personal data including emails, URLs and passwords.

Google agreed to delete the payload data following that investigation, but when reaching today's decision, "the ICO also considered the discovery of additional disks containing payload data, which were located by Google while the reopened ICO investigation was in progress," the group said Thursday in a statement.

"Today's enforcement notice strengthens the action already taken by our office, placing a legal requirement on Google to delete the remaining payload data identified last year within the next 35 days and immediately inform the ICO if any further disks are found," the ICO said.

"Failure to abide by the notice will be considered as contempt of court, which is a criminal offense," the ICO said.

Google claims to be cooperating. "We work hard to get privacy right at Google," a spokeswoman said in a statement. "But in this case we didn't, which is why we quickly tightened up our systems to address the issue."

"We cooperated fully with the ICO throughout its investigation, and having received its order this morning we are proceeding with our plan to delete the data," the company said.

"The project leaders never wanted this data, and didn't use it or even look at it," the spokeswoman added.

Based on the ICO's investigation, the breach failed to meet the level required to levy a financial penalty, the ICO said.

That assessment differs somewhat from that of German regulators, who levied a fine of €145,000 (US$190,000) against Google in April for the company's gathering and storing of emails, photos, passwords and chat protocols from unprotected Wi-Fi networks using Street View cars.

In the U.S., Google has already entered into a settlement to pay $7 million related to complaints from dozens of states about unauthorized collection of personal data transmitted over Wi-Fi networks.

Google must be very careful about how it collects data going forward, according to the ICO.

"The early days of Google Street View should be seen as an example of what can go wrong if technology companies fail to understand how their products are using personal information," said Stephen Eckersley, head of enforcement at ICO, in a statement.

"The punishment for this breach would have been far worse, if this payload data had not been contained," he said.

Zach Miners covers social networking, search and general technology news for IDG News Service. Follow Zach on Twitter at @zachminers. Zach's e-mail address is zach_miners@idg.com

Join the CSO newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicesGooglesecuritylegalsocial mediainternetsearch enginesprivacy

More about GoogleICOIDG

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Zach Miners

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place