Google has been given another 35 days to delete the remaining data it “mistakenly collected” while taking pictures for its Street View service, or face criminal proceedings.
It’s investigation into Google reopened last year after further revelations about the data taken from wi-fi networks. During that inquiry, additional discs containing private data were found.
Google had previously pledged to destroy all data it had collected, but admitted last year that it had “accidentally” retained the additional discs.
The ICO has told the search giant it must inform it if any further discs of information are discovered.
“Today’s enforcement notice strengthens the action already taken by our office, placing a legal requirement on Google to delete the remaining payload data identified last year within the next 35 days and immediately inform the ICO if any further discs are found,” said Stephen Eckersley, the office’s head of enforcement.
Google claimed that it did not plan to collect any personal data, and that the engineer was acting independently. However, it later transpired that at least one senior manager at the company was aware the collection was taking place.
To date, various regulators around the world have for the most part agreed with this assertion, concluding that the “mistakenly” gathered data was a result of sloppy management at a low level, rather than misguided direction from the top.
This warning however might have more teeth as failure to abide by the notice will be considered as contempt of court, which is a criminal offence.
It concluded that the collection of the data in 2010 was due to “procedural failings and a serious lack of management oversight”, but agreed with Google’s assertion that the company did not order the actions at a corporate level.
Inquiries into Google’s data gathering began in 2010 when it emerged an engineer had written software code to gather information from unsecured wi-fi networks.
However Nick Pickles, director of the privacy campaigners Big Brother Watch, criticised the ICO decision.
“People will rightly look at the UK’s approach to this issue and ask why, given regulators in the US and Germany have fined Google for exactly the same infringement, it is being allowed to escape with a slap on the wrist in Britain. Is our privacy somehow less worthy of protection?”