Google used cars equipped with cameras to gather material for its much-publicised Street View feature. The material was not confined to photographs, but also included data by which wi-fi hotspots could be located. Earlier in 2010, the ICO investigated this ‘payload data’. It concluded that the information it had inspected was not personal data, in that it could not be linked to identifiable individuals. The ICO stated, however, that it would continue to work with its international counterparts, such as the Canadian authorities, in investigating Google. This co-operation has now shown the payload data to include URLs, passwords and email details.
The ICO today announced that:
“The Commissioner has concluded that there was a significant breach of the Data Protection Act when Google Street View cars collected payload data as part of their wi-fi mapping exercise in the UK. He has instructed Google UK to sign an undertaking in which the company commits to take action to ensure that breaches of this kind cannot happen again. An audit of Google UK’s Data Protection practices will also be undertaken. The Commissioner has rejected calls for a monetary penalty to be imposed but is well placed to take further regulatory action if the undertaking is not fully complied with”.
This follows the ICO’s press release on Monday, in which it commented that:
“It is also important to note that none of the regulators currently investigating Google Street View have taken direct enforcement action at this stage, with the US investigation led by the US Federal Trade Commission for example ruling out direct action, although mirroring our own concern that this data was allowed to be collected by an organisation who showed such disregard for international data protection legislation. This week the Metropolitan Police have also closed their case believing it would not be appropriate to pursue a criminal case against Google under the Regulation of Investigatory Powers Act (RIPA). Whilst we continue to work with our other international counterparts on this issue we will not be panicked into a knee jerk response to an alarmist agenda.”
The latter press release also explained the ICO is “keen to discuss with MPs and Ministers how we can further defend privacy on the internet as technologies and applications develop”. In this regard, the Guardian reports today that culture minister Ed Vaizey is proposing a new internet code of conduct and a mediation mechanism to resolve complaints by individuals against data controllers. He is reportedly meeting with the ICO today to discuss these matters. Watch this space.