The Information Commissioner’s Office (ICO) has taken further action against Google over the collection of Wi-Fi data by its Street View cars, but has stopped short of a monetary penalty.
Instead, the ICO has issued an enforcement notice that requires Google to delete the remaining payload data identified last year within 35 days.
Google is also required to inform the ICO immediately if any further disks are found.
“Today’s enforcement notice strengthens the action already taken by our office,” said Stephen Eckersley, head of enforcement at the ICO.
Failure to abide by the notice will be considered as contempt of court, which is a criminal offence, he said.
Read more on Google Wi-Fi snooping
The decision followed the publication
of a report by the US Federal Communications Commission (FCC), which raised concerns around the
actions of the engineer who developed the software previously used by the cars, and his
The ICO’s investigation found that the collection of payload data by the company was the result of procedural failings and a serious lack of management oversight including checks on the code.
But the investigation also found there was insufficient evidence to show that Google intended,
on a corporate level, to collect personal data.
The ICO has concluded that the rationale for its original decision in 2010 to issue Google with an undertaking and carry out a consensual audit remain the same.
But the ICO has also warned Google that it will be taking a keen interest in its operations and
will not hesitate to take action if further serious compliance issues come to its attention.
When reaching the latest decision, the ICO also considered the discovery of additional disks containing payload data, which were located by Google while the reopened ICO investigation was in progress.
Google has provided assurances that the data has not been accessed and, like the other payload
data collected, has not entered the public domain.
Based on a detailed investigation, including an analysis of the data Google has recorded, the ICO has concluded that the harm caused to individuals by this breach fails to meet the level required to issue a monetary penalty.
“The early days of Google Street View should be seen as an example of what can go wrong if technology companies fail to understand how their products are using personal information,” said Eckersley.
“The punishment for this breach would have been far worse, if this payload data had not been
contained,” he said.
The ICO said it will write to Google shortly to confirm its preliminary findings.