UK: Google Wi-Fi collection violated data protection laws
IDG News Service - The U.K.'s data protection watchdog said today that Google violated the law with its Street View Wi-Fi collection program, but it is letting the company off with a warning and not imposing a fine.
The latest development marks a change in position for the Information Commissioner's Office (ICO), which said earlier this year that Google only appeared to have breached data protection requirements. It declined to take further action after Google agreed to delete the data.
Google said in May that it had collected information on unencrypted Wi-Fi routers, including fragments of data transmitted by those routers. The purpose of the data collection -- which occurred as its Street View imagery vehicles were cruising streets in many countries -- was to improve a geo-location database for location-based mobile applications.
Google denied the data could be traced back to an individual. But the company said on Oct. 22 that an examination of the data by seven external regulators have now shown that in some instances entire e-mails and URLs were collected along with some passwords.
Earlier this year officials from the ICO who viewed a sample of the collected data apparently missed the fact that some of it could be traced back to specific people. They concluded "that the data as fragmentary and was unlikely to constitute personal data" and declined to take further action.
ICO officials looked at parts of the data that was provided by Google and also did their own random sampling, but did not find information that constituted personal data, according to an ICO spokesman.
It is not known which regulatory agency in the 30 countries examining the Street View data discovered the full e-mails and passwords, although it should eventually be revealed, the ICO spokesman said.
The ICO declined to impose a fine, saying that the majority of the data was collected by Google prior to April 6, the day the agency gained the power to fine organizations that break the Data Protection Act of 1998 up to £500,000 ($800,000).
"Monetary penalties can only be served when a strict set of criteria is satisfied, including that the breach was likely to cause substantial harm or substantial distress -- this alone would be very hard to prove in this case," according to an ICO statement.
To satisfy the ICO, Google will be subject to an audit within nine months by the ICO and must sign a document saying they will face further action unless the company takes steps to ensure data is protected.
The ICO has mandated that the company must put programs in place to train employees on data protection and the law, train engineers on the handling of data and start a security awareness program, among other requirements.
The Wi-Fi collection program remains under investigation by agencies in several countries. In Germany, Hamburg's Data Protection Authority (DPA) and the city's prosecutor's office continue to examine the data and whether collecting it broke German laws.
Last month, Spain's Data Protection Agency said it is investigating Google for up to five infractions of its laws over the collection of Wi-Fi data, for which the company could face more than $417,000 in fines. In August, South Korean police raided Google's offices and launched an investigation into unauthorized data collection and illegal wiretapping.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Gov't Legislation/Regulation White Papers | Webcasts