X

U.K.: Google's Wi-Fi data collection 'not lawful'

Government regulator says "significant breach" of U.K.'s Data Protection Act occurred when Google Street View cars collected payload data during Wi-Fi mapping effort.

Don Reisinger
CNET contributor Don Reisinger is a technology columnist who has covered everything from HDTVs to computers to Flowbee Haircut Systems. Besides his work with CNET, Don's work has been featured in a variety of other publications including PC World and a host of Ziff-Davis publications.
See full bio
Don Reisinger
2 min read

The United Kingdom's Information Commissioner has found that Google violated the country's Data Protection Act when it collected data from unsecured Wi-Fi networks with its Street View vehicles.

"There was a significant breach of the Data Protection Act when Google Street View cars collected payload data as part of their Wi-Fi mapping exercise in the U.K.," the Information Commissioner's Office said in a statement today.

A Street View car in action.
A Street View car in action. CNET Asia

The country's Data Protection Act, which was enacted in 1998, determines policies related to the safekeeping of personal information in the U.K. The Information Commissioner's office oversees enforcement of the act.

Google's collection of data was "not fair or lawful," Information Commissioner Christopher Graham said in the statement.

As a result of the findings, the ICO said it has requested Google U.K. "sign an undertaking" to the effect that the company will not breach data protection statutes again and that if a further transgression does occur, Google "will face enforcement action."

No monetary penalty will be levied against the search giant for its collection of information, the agency said.

In July, the Commissioner's office visited Google to samples of the data collected, and said at the time that ot found nothing worrisome.

"[While] Google considered it unlikely that it had collected anything other than fragments of content, we wanted to make our own judgment as to the likelihood that significant personal data had been retained and, if so, the extent of any intrusion," the Commissioner's office said in a statement in July. "The information we saw does not include meaningful personal details that could be linked to an identifiable person."

Until today's announcement, the U.K. was practically alone in that opinion. French privacy officials said in June that Google collected passwords and e-mails. The Canadian government found 678 phone numbers and "at least five" complete e-mail messages, among other things. Even Google has said that it unintentionally collected "entire e-mails and URLs" with its Street View cars.

Graham acknowledged those findings in today's statement, and said that Google's admission prompted him to take formal action.

After Google signs the undertaking, Graham expects the company to delete all information collected in the U.K. once it is legally cleared to do so.