ICO U-Turn: Google Broke The Law

The Information Commissioner has ruled that Google broke the UK’s Data Protection Act when its Street View cars gathered personal data from Wi-Fi networks, but will not be fining the search giant.

Because Google reported its own offence spontaneously and has promised to do better in future, it will not face a fine. But the commissioner, Christopher Graham, has said it will monitor the company closely in future.

Data gathered over Wi-Fi

In July, the Information Commissioner’s Office (ICO) cleared Google of breaking data protection laws, following the revelation that cars taking photos for its Street View service had also gathered “payload” data from Wi-Fi networks. Last month, Google admitted that this “WiSpy” data included full URLs, emails and passwords.

Graham then launched a new investigation into Google, which led to speculation that the company might be the first to pay a fine under powers recently given to the ICO. However, Graham rejected this “alarmist agenda” despite pressure from MPs and others.

Google’s critics are not impressed. “The ICO failed to act when it should have done, despite the fact that Google staged a significant infringement of privacy and civil liberties, by harvesting millions of emails, Wi-Fi addresses, and passwords,” MP Robert Halfon told the BBC. “Furthermore, the ICO has already proved that it lacks the technical expertise to audit Google’s activity. What confidence can we have in their audit now? People feel powerless.”

Google has apologised for the incident and appointed a new privacy chief.