Google To Delete UK WiSpy Data

Google has signed a commitment to improve data handling following the infamous ‘WiSpy’ incident, says the ICO

Wi-Fi data that was inadvertently captured by Google’s Street View cars as they mapped roads in the UK is finally going to be deleted, according the Information Commissioner’s Office.

The news follows months of speculation over whether Google breached the Data Protection Act when its Street View cars gathered so-called “payload” data from unsecured Wi-Fi connections.

After examining samples of the data in July, the ICO concluded that it was free of any “meaningful personal details”. However, the Information Commissioner did a u-turn earlier this month, after Google admitted the data included full URLs, emails and passwords, stating that the search giant had indeed broken the law.

Tightening up data handling

Alan Eustace, Google’s vice-president of engineering and research, has now signed a commitment to improve data handling, in an attempt to ensure that breaches such as this do not occur again. The company will implement improved training measures on security awareness and data protection issues for all employees, as well as requiring its engineers to maintain a privacy design document for every new project before it is launched.

“I am very pleased to have a firm commitment from Google to work with my office to improve its handling of personal information,” said Information Commissioner, Christopher Graham. “It is a significant achievement to have an undertaking from a major multinational corporation like Google Inc. that extends to its global policies and not just its UK activities.”

The ICO will conduct a full audit of Google’s internal privacy structure, privacy training programs and its system of privacy reviews for new products in nine months time.

Ongoing investigations

Google is still under investigation in many counties worldwide over the so-called ‘WiSpy’ incident. In October, for example, Canadian authorities ruled that Google Street View committed a ‘serious violation’ of its privacy laws. Czech data protection authorities have also rejected an application by Google to collect personal data for its mapping service. So far, however, it has received no fines.

Meanwhile, the ICO itself has come under criticism for its handling of the investigation, after it emerged that it had send lawyers, not technical staff, to investigate Google’s Wi-Fi data breach. Conservative MP Robert Halfon dubbed the ICO ‘Keystone Kops’, describing the Information Commissioner “lily-livered” and saying the ICO’s lack of action was “lamentable”