Google has been given the go-ahead by the Information Commissioner's Office to delete the data it collected from unsecured Wi-Fi networks as part of its Street View operation.
Over the past year, the search and advertising giant has drawn criticism from privacy campaigners and come under investigation by national data protection authorities for the harvesting of data, which may have included passwords and login details. Street View cars obtained and stored information from home and other Wi-Fi networks while driving around neighbourhoods taking images for Google Maps.
"I welcome the fact that the Wi-Fi payload data that should never have been collected in the first place can, at last, be deleted," information commissioner Christopher Graham said in a statement on Friday.
Google said it intends to erase the data as soon as possible. It told ZDNet UK that it is not subject to any outstanding legal proceedings in the UK over the data harvesting.
On Friday, the ICO said that Google had signed an undertaking to train staff and engineers on the use and handling of data. Engineering project leaders will have to maintain a privacy design document that will become general practice for Google, said the ICO. In nine months' time, Google will arrange a consensual audit with the ICO in the UK.
In November, the ICO found Google to have been in significant breach of UK data laws, after the company admitted that it had collected personal details in a blog post. The ICO, which has the power to fine companies up to £500,000 for data-protection breaches, said that it would not fine Google, as it would be difficult to prove the company had done any substantial harm.
The ruling represented a U-turn for the privacy body. In May, it gave Google permission to delete the 'payload' data it had intercepted, but the deletion was prevented after campaign group Privacy International lodged a complaint with the Metropolitan Police. In July, an ICO investigation concluded that Google had collected "no meaningful details", leading the Metropolitan Police to drop its own enquiry.
Privacy International campaigner Alex Hanff called for the ICO to improve its approach to such issues. "The ICO needs to be sorted out in a fundamental way," said Hanff. "They are not making routine investigations of companies, and they are not developing forensic investigation routines."
The ICO should be given more powers and expertise to investigate the organisations it suspects of breaching data protection law, according to Open Rights Group director Jim Killock. "The ICO's hand needs to be strengthened," Killock said. "The ICO has not generally been an organisation with a lot of technical expertise. It's quite possible that the ICO investigation into Google could have been more thorough."