Google hit with 35 day Street View data deletion request by ICO

News
By Caroline Donnelly
published

Search giant could face contempt of court charges if it fails to comply with ICO enforcement notice.

Google Street View man

Google must delete any remaining Street View payload data it is hoarding by the middle of next month or face criminal charges.

The Information Commissioner's Office (ICO) made the ultimatum in an enforcement notice addressed to the search giant, dated 11 June, which gives the firm 35 days to comply with the request.

Failure to abide by the notice will be considered as contempt of court, which is a criminal offence.

The data protection watchdog said the enforcement notice means Google is legally required to delete the remaining payload data and immediately inform the ICO if any more is found.

"Failure to abide by the notice will be considered as contempt of court, which is a criminal offence," Stephen Eckersley, the ICO's head of enforcement, said in a statement today.

The action follows on from Google's admission last July to the ICO that not all of the data it collected during its UK Street View operations, which saw the firm trawl streets around the world to create a digital and searchable map, had been destroyed as instructed.

This was following the discovery that, while this street trawl was carried out, peoples' personal information had been collected.

The firm was instructed by the ICO in November 2012 to delete all the data the Street View team acquired, which Google claimed at the time had been collected in error.

The results of an ICO investigation into Street View claim the payload data's collection was the result of "procedural failings" and a "serious lack" of management oversight.

It also stated that it found insufficient evidence to suggest Google set out to deliberately collect it.

Google has assured the ICO that none of the payload data has entered the public domain. This, based on the ICO's own findings, is why the firm will not be asked to pay a fine.

"The ICO has concluded that the detriment caused to individuals by this breach fails to meet the level required to issue a monetary penalty," it said in a statement.

The organisation confirmed that it is still investigating how Google's privacy policy squares with the contents of the Data Protection Act, and intends to make its preliminary findings known to the web company in due course.

Eckersley said the case is a good example of what can happen when technology companies fail to grasp how their products process personal information.

"The punishment for this breach would have been far worse, if this payload data had not been contained," he added.

In a statement to IT Pro, a Google representative confirmed the company is in the throes of deleting the data.

"We work hard to get privacy right at Google. But in this case we didn't, which is why we quickly tightened up our systems to address the issue. The project leaders never wanted this data, and didn't use it or even look at it," the statement read.

"We cooperated fully with the ICO throughout its investigation, and having received its order...we are proceeding with our plan to delete the data."

Caroline Donnelly
Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.