Google Inc., operator of the world’s largest Internet search engine, was given 35 days by the U.K.’s data protection watchdog to remove wireless-network data collected by its cars for its Street View service in the country.
Google is legally obliged under today’s “enforcement notice” to delete any remaining data in the given time, or be held in “contempt of court, which is a criminal offence,” the U.K. regulator said in a statement.
“The early days of Google Street View,” which allows users to see photographs of roadsides, “should be seen as an example of what can go wrong if technology companies fail to understand how their products are using personal information,” said Stephen Eckersley, head of enforcement at the Information Commissioner’s Office.
Google, based in Mountain View, California, has been fined by regulators worldwide over the Street View Wi-Fi breaches, with the French privacy regulator levying a 100,000-euro ($132,000) penalty in 2011. Hamburg’s data-privacy regulator in April fined Google 145,000 euros for collecting wireless-network data from 2008 to 2010 as its Street View cars took photos.
“We work hard to get privacy right at Google — but in this case we didn’t, which is why we quickly tightened up our systems to address the issue,” said Al Verney, a Brussels-based spokesman for Google. “The project leaders never wanted this data, and didn’t use it or even look at it. We cooperated fully with the ICO throughout its investigation, and having received its order this morning we are proceeding with our plan to delete the data.”
Google faces probes by data-protection regulators across Europe over changes to harmonize privacy policies for more than 60 products last year. Yesterday, France gave Google three months to amend its policy to avoid fines, with five other European countries likely to follow suit by the end of July.
Global regulators this week wrote to Google Chief Executive Officer Larry Page to contact them about possible issues with its web-enabled eyeglasses, called Google Glass.
The U.K. regulator said today it also took into account the discovery of additional disks with data. “Google has provided assurances” that the data wasn’t accessed by the company and hasn’t entered the public domain.
The ICO “concluded that the detriment caused to individuals by this breach fails to meet the level required to issue a monetary penalty.”