The internet search giant Google has been told it has 35 days to destroy sensitive data it collected illegally while building its Street View mapping tool.
The firm, which has also come under intense pressure over its tax avoidance schemes recently, was told it risked criminal proceedings if it did not comply but escaped a fine.
The Information Commissioner ordered Google to destroy four discs holding data its Street View camera cars collected from unsecured WiFi networks. The company had previously promised to destroy all data it scooped up as its cars toured major towns and cities but admitted last year that it had “accidentally” retained the additional discs.
This is the latest in a string of online privacy embarrassments for Google, which has been given heavy fines over its Street View data collection in the past.
The company admitted in 2010 that it had collected information, such as passwords or emails, from unsecured wireless networks. And, in February last year, it discovered further discs of UK data that had not been deleted.
Stephen Eckersley, ICO head of enforcement, said that Google’s handling of its Street View project should be seen as an “example of what can go wrong if technology companies fail to understand how their products are using personal information”.
And Nick Pickles, director of privacy campaign group Big Brother Watch, said that the company infringed people’s privacy “on a huge scale, then said it had deleted the data when it had not”.
He added “The basis of privacy law is that companies do not collect our information without our permission. This episode is worryingly close to severely undermining this principle and setting a precedent that companies can collect data illegally and not face any action if they promise to delete it later on.
“People will rightly look at the UK’s approach to this issue and ask why, given regulators in the US, Germany and other countries have fined Google for exactly the same infringement, it is being allowed to escape with a slap on the wrist in Britain. Is our privacy somehow less worthy of protection?”
A Google spokesman said: “We work hard to get privacy right at Google. But in this case we didn’t, which is why we quickly tightened up our systems to address the issue. The project leaders never wanted this data and didn’t use it or even look at it.
“We co-operated fully with the ICO throughout its investigation and having received its order this morning we are proceeding with our plan to delete the data.”Reuse content