In May Google announced that, as well as collecting legitimate data about wi-fi hotspots, its Street View camera cars had collected personal data, including emails and passwords, from unsecured networks without consent.
Following investigations from international data protection agencies which found that personal data had been collected by Google, the Information Commissioner’s Office (“ICO") made a u-turn in its initial decision. It originally concluded that no breach of the UK Data Protection Act (“DPA”) had occurred.
The ICO commented that “the most appropriate and proportionate action in these circumstances is to get written legal assurance from Google that this will not happen again”.
Consequently, the ICO has requested Google to sign an undertaking in which it commits to take action to ensure that there is no further breach of the DPA and to delete the data collected in breach of the DPA once it can legally do so. Google will also then be the subject of an audit by the ICO.
Whilst no monetary sanction has been imposed, the ICO is poised for further action if Google fails to fully comply with the undertaking.
Written by Shelley Marshall, a Solicitor in the Commerce and Technology group. If you would like to know more about data protection law please contact the Commerce and Technology Team.
Subscribe to the Nelsons Law RSS service and get all the news as it is added. Simply copy the address from the box below into your RSS reader software: