WebProNews

Tag: Information Commissioner’s Office

  • Google Gets OK To Delete UK Street View WiFi Data

    At least in the UK, Google may finally be able to put its recent Street View privacy gaffe behind it.  The company’s signed a commitment to improve its handling of data, and as a result, the UK Information Commissioner’s Office has given Google permission to delete the sensitive information it collected by accident.

    The last time we heard from the UK Information Commissioner’s Office, it had decided Google breached the Data Collection Act, but chosen not to fine the search giant.  This new development is good for Google in the sense it ensures the ICO won’t reopen its inquiry at a later date, either.

    The less convenient side of the situation is that some monitoring will occur.  The ICO said in a statement, "The Information Commissioner’s Office (ICO) will conduct a full audit of Google’s internal privacy structure, privacy training programs and its system of privacy reviews for new products.  The audit will take place within nine months of the undertaking being signed."

    Google also had to recommit to the stronger privacy controls it outlined in an official blog post late last month.

    GoogleAll in all, though, we’re sure the company will be happy to have this matter stop making headlines, and the ICO seems to have set a more than reasonable deadline for Google to get everything done.

    Now Google’s Street View and legal teams just have to hold their breath while regulators in other countries make up their minds about how to proceed.

  • UK Authority Rules Google Breached Data Protection Act

    In the UK, the Information Commissioner’s Office has concluded its investigation of Google’s Street View privacy gaffe, and there’s good news and bad news for the search giant.  The bad, which arguably outweighs the good: it’s been judged guilty of a "significant breach of the Data Protection Act."

    In a formal statement, the ICO said, "The Commissioner has concluded that there was a significant breach of the Data Protection Act when Google Street View cars collected payload data as part of their wi-fi mapping exercise in the UK."

    This represents quite a black eye for Google on the PR front.  UK citizens who were suspicious of (or hostile towards) Street View all along will feel vindicated, and other folks might start getting more concerned.

    Still, Google can at least take some comfort in the fact that the ICO has decided not to fine it.  Instead, "Google UK will be subject to an audit and must sign an undertaking to ensure data protection breaches do not occur again," according to the organization.

    Otherwise, the ICO just wants Google to delete the data it collected as soon as possible.

    The ICO also hinted that it’ll be a little less lenient if Google manages to make any similar privacy stumbles in the future.

  • UK Privacy Authority Expands Google Inquiry

    Google may soon make British history, but not in way that will make anyone proud.  Due to the company’s admission that its Street View cars sometimes collected entire emails and passwords while taking pictures, Google could become the first organization to be fined by the Information Commissioner’s Office.

    As you probably remember, Google slipped the detail about emails and passwords into a blog post discussing new privacy controls.  The Information Commissioner’s Office was quick to respond.

    An ICO spokesperson said in a statement today, "We will be making enquiries to see whether this information relates to the data inadvertently captured in the UK . . ."  Which sounds fine so far, given that "enquiries" aren’t threatening and the term "inadvertently" gives Google the benefit of the doubt.

    The problem, from Google’s perspective, is that the spokesperson also said the ICO might have to consider "the need to use our enforcement powers."  And since earlier this year, that includes the ability to levy a fine of £500,000 (or about $786,000).

    Google could take the financial blow, given that it had $33.4 billion in "cash, cash equivalents, and marketable securities" as of September 30th.  The fine would just represent an embarrassing PR loss, especially since the ICO more or less cleared Google in July.

    It’s possible other organizations would follow the ICO’s lead, as well.

  • UK Authority Clears Google Street View Data

    There’s a bit of good news for Google this morning in relation to the Street View data collection clash.  The UK’s Information Commissioner’s Office announced that it’s had a look at some of the data, and the organization is inclined to believe that no harm will come of Google’s mistake.

    It’s important to note that the ICO, which is an independent authority, didn’t analyze every scrap of information, so this doesn’t count as conclusive proof that only random 1s and 0s were collected.  Also, the ICO didn’t in any way argue that it was okay for Google to record the data.

    Still, the ICO told Dan Worth, "On the basis of the samples we saw we are satisfied so far that it is unlikely that Google will have captured significant amounts of personal data. . . .  There is also no evidence as yet that the data captured by Google has caused or could cause any individual detriment."

    The ICO then stated, "We will be alerting Privacy International and others who have complained to us of our position."

    That counts as a significant win for Google.  Things hadn’t been going too well beforehand, with more and more officials clamoring to investigate the company’s practices and possibly impose penalties.  Now it’s effectively been let off the hook by one inquiry.

    It should be interesting to see if any other groups are willing to accept the ICO’s word on this matter.

  • Google Begins Cleanup After WiFi Data Blunder

    However facepalm-worthy Google’s accidental collection of sensitive data sent over WiFi networks may have been, the search giant is at least wasting no time in remedying the situation.  At the request of the Irish Data Protection Authority, Google has already deleted the data it accumulated in Ireland, and the company appears set to dispose of the data it collected in the UK, as well.

    GoogleAlex Stamos, a partner at a security consulting firm called iSEC Partners, confirmed the first part of this story.  In a letter provided by Google, he wrote, "Before my arrival, Google staff had consolidated the wi-fi packet captures onto four hard drives. . . .  Upon my acquisition of the drives from Google staff, I noted that the hard drives had been stored in a secure manner within a secure portion of the facility."

    Next, Stamos stated, "I created two new encrypted volumes on separate hard drives, and copied over all of the data with the exception of data that was identified as being captured within the Republic of Ireland.  I then witnessed the physical destruction of the four original hard drives."

    As for what’s happening with regards to the UK dataset, Charles Arthur reported today that the UK Information Commissioner’s Office has ordered Google to destroy it, and while that might sound severe, it’s actually a good sign for the company.  Consider that the Information Commissioner’s Office might have tried to use the data as evidence in an investigation, or at least asked Google to let its people witness the process.

    Of course, it’s looking likely at this point that many independent privacy groups, along with German authorities and the FTC, will not be so quick to forgive Google’s mistake.