Google finds its UK Street View data and the UK information commissioner would like a closer look

Google finds its UK Street View data and the UK information commissioner would like a closer look

The continuing correspondence between the UK Information Commissioner’s Office (ICO) and Google got another update today.

The ICO recently reopened its investigation into data captured by Google Street View (GSV) cars. Today, Google’s Global Privacy Counsel, Peter Fleischer wrote to the ICO confirming that it has located additional payload data collected by Street View cars prior to May 2010. A copy of the letter can be found here [PDF].

Fleischer writes:

Google has recently confirmed that it still has in its possession a small portion of payload data collected by our Street View vehicles in the UK. Google apologizes for this error.

The letter goes on to explain that the search giant has been reviewing its handling of the data and is going through a comprehensive manual review of the Street view disk inventory.

It says that there is payload data from the UK as well as other countries and that Google is notifying the appropriate authorities. Fleischer also writes that Google would like to delete the remaining UK data but will wait and see how the ICO would prefer it to proceed.

Steve Eckersley, Head of Enforcement at the ICO responded with gratitude that Google is committed to cooperation and confirmed that the ICO now wants to see what Google collected. You can read the letter here [PDF]

He writes:

I confirm that the ICO do now intend to examine the contents of the remaining UK payload data and I ask that the data is stored securely until such time that we can complete our examination.

Once that examination has been completed I will be in a better position to advise you on how to proceed in terms of destruction.

No doubt the ICO wants to examine the whole payload with a fine tooth comb. If you remember, the investigation was reopened because the Federal Communications Commission (FCC) published details of its own investigation Google’s data capture from WiFi networks in the US [PDF] and found that the company was capturing information including emails, passwords and other data from unprotected wireless networks as the GSV cars drove by.

This happened after the ICO published an audit in 2011 saying that Google had made improvements and there was a reasonable assurance that changed had been made to reduce the risk of a similar incident happening. The ICO would not want to feel a fool second time around, so Google can expect some close up attention from the UK authority.

An ICO spokesperson said:

Earlier today Google contacted the ICO to confirm that it still had in its possession some of the payload data collected by its Street View vehicles prior to May 2010. This data was supposed to have been deleted in December 2010. The fact that some of this information still exists appears to breach the undertaking to the ICO signed by Google in November 2010.

Not only is the ICO giving this issue a proper eyeballing, it’s bringing its friends, as the spokesperson pointed out:

We are also in touch with other data protection authorities in the EU and elsewhere through the Article 29 Working Party and the GPEN network to coordinate the response to this development. The ICO has always been clear that this should never have happened in the first place and the company’s failure to secure its deletion as promised is cause for concern.

Not a happy Friday for Google today, but at least the letters from Eckersley don’t sound half as outraged as the last round we reported. The company will still get a going over, but at least the private data that was collected by a corporate entity is getting the attention it deserves.

Image credit: Tim Pritlove

Read next: StockTwits fully integrates Chartly to bring its users a killer stream of data