Google has admitted it did not abide by a 2010 order from the Information Commissioner’s Office to delete all UK data collected by its Street View camera cars.
After acknowledging that the cars had stolen data - albeit unintentionally, it maintains - in the form of passwords, emails, and other documents through open Wi-Fi networks, the search giant was found to have violated the Data Protection Act, which only grants organisations the right to collect personal data under “fair and lawful” circumstances. Google was then instructed to submit to an audit and to get rid of all the data it had collected.
But today, months after Google told the ICO that all UK data had been deleted, the company’s counsel Peter Fleischer revealed in a letter to the agency that it had failed to get rid of “a small portion of payload data.” Fleischer said Google “would now like to delete the remaining UK data, but would like [the ICO’s] instructions on how to proceed.”
"The fact that some of this information still exists appears to breach the undertaking to the ICO signed by Google in November 2010," replied ICO head of enforcement Steve Eckersley in a letter addressed to Fleischer.
"The ICO is clear that this information should never have been collected in the first place and the company’s failure to secure its deletion as promised is cause for concern,” Eckersley wrote.
The ICO has said it will “subject [the data] to forensic analysis before deciding on the necessary course of action." The agency has also said it’s cooperating with other data protection regulatory bodies throughout the EU and will plan a coordinated response to the situation.
Critics of the ICO have accused it of being overly lenient in its treatment of Google, and this latest transgression could very well be the straw that makes the camel dish out fines.