Google gets OK to delete Street View Wi-Fi data

Google gets OK to delete Street View Wi-Fi data

Summary: The ICO has said that the web giant can erase data its map-service cars collected from Wi-Fi networks, in return for an undertaking to apply greater privacy controls to future UK projects

SHARE:
TOPICS: Security
0

Google has been given the go-ahead by the Information Commissioner's Office to delete the data it collected from unsecured Wi-Fi networks as part of its Street View operation.

Over the past year, the search and advertising giant has drawn criticism from privacy campaigners and come under investigation by national data protection authorities for the harvesting of data, which may have included passwords and login details. Street View cars obtained and stored information from home and other Wi-Fi networks while driving around neighbourhoods taking images for Google Maps.

"I welcome the fact that the Wi-Fi payload data that should never have been collected in the first place can, at last, be deleted," information commissioner Christopher Graham said in a statement on Friday.

Read this

Google explains why Street View cars record Wi-Fi data

In a letter to data protection authorities across Europe, Google said it needs to record houses' Wi-Fi data to help it provide location-based services

Read more+

Google said it intends to erase the data as soon as possible. It told ZDNet UK that it is not subject to any outstanding legal proceedings in the UK over the data harvesting.

On Friday, the ICO said that Google had signed an undertaking to train staff and engineers on the use and handling of data. Engineering project leaders will have to maintain a privacy design document that will become general practice for Google, said the ICO. In nine months' time, Google will arrange a consensual audit with the ICO in the UK.

In November, the ICO found Google to have been in significant breach of UK data laws, after the company admitted that it had collected personal details in a blog post. The ICO, which has the power to fine companies up to £500,000 for data-protection breaches, said that it would not fine Google, as it would be difficult to prove the company had done any substantial harm.

The ruling represented a U-turn for the privacy body. In May, it gave Google permission to delete the 'payload' data it had intercepted, but the deletion was prevented after campaign group Privacy International lodged a complaint with the Metropolitan Police. In July, an ICO investigation concluded that Google had collected "no meaningful details", leading the Metropolitan Police to drop its own enquiry.

Privacy International campaigner Alex Hanff called for the ICO to improve its approach to such issues. "The ICO needs to be sorted out in a fundamental way," said Hanff. "They are not making routine investigations of companies, and they are not developing forensic investigation routines."

The ICO should be given more powers and expertise to investigate the organisations it suspects of breaching data protection law, according to Open Rights Group director Jim Killock. "The ICO's hand needs to be strengthened," Killock said. "The ICO has not generally been an organisation with a lot of technical expertise. It's quite possible that the ICO investigation into Google could have been more thorough."

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion