ICO Wants More from Google On Privacy

Google’s privacy policies still need to improve, the Information Commissioner’s Office said today, following an audit last month at Google’s London office.

Google agreed to the audit last November after owning up to collecting private Wi-Fi data as its Street View cars mapped the UK.

It pledged at the time to train staff better in data security and protection and ensure engineers maintain “privacy documents” during product development.

The audit found Google had taken action in all agreed areas but there was still room for improvement.

We’re watching you

Information Commissioner Christopher Graham said today that while Google has progressed those commitments, its policies need to evolve with its products and technologies.

“The ICO’s Google audit is not a rubber stamp for the company’s data protection policies,” he said. “Google will not be filed and forgotten by the ICO.”

The ICO said it would like to see Google proactively provide users with more information about the privacy features of its products, alongside explanations of how data is managed and used in new products.

It also recommended the privacy design documents which ensure privacy is built into products from the start be rigorously applied and checked more often for accuracy.

Doing its best

The ICO highlighted areas of good practice from Google such as more resources dedicated to privacy issues and advanced data protection training for all engineers. It also noted improved training for all staff, covering privacy and the protection of user data.

Alma Whitten, Google’s director of privacy, product and engineering said Google has worked hard on its new privacy controls while ensuring they do not stifle innovation at the company.

“The report verifies the improvements we’ve made to our internal privacy structures, training programmes and internal reviews, and identifies some scope for continued work,” she said.

“We know that there is no perfect solution, so we will continue to improve our current processes and develop new ones so that privacy awareness grows and evolves alongside Google.”

The lives of others

The ‘WiSpy’ situation first came to light when German authorities asked the company what information its Street View cars were collecting.

As well taking pictures, its Street View cars also logged Wi-Fi networks to help with its location services.

On unsecured networks this meant user names, passwords and other personal details were also logged. Google says this was a mistake attributable to a coding error and has since stopped its cars logging Wi-Fi networks.

A group of affected citizens in the US are pursuing a class action lawsuit against Google for this breach and in July a US judge allowed the case to progress, ruling the complainants had sufficiently demonstrated the federal Wiretap Act had been violated.

Google also found itself in hot water with privacy regulators when it emerged that the failed social network Buzz exposed users Gmail contacts against their wishes. It settled a class action lawsuit on the issue in September 2010 for $8.5million.