Google Has 35 Days To Delete UK “SpyView” Data Or Face “Criminal Action”

The UK data protection authority Information Commissioner’s Office (ICO) has served notice that Google must destroy personal information obtained from its Street View WiFi “payload” data collection within 35 days. While Google has a right to appeal the decision, a refusal to comply (absent an appeal) is considered a “criminal office” and could result in […]

on June 21, 2013 at 12:20 pm | Reading time: 2 minutes
Chat with MarTechBot

google-street-view-carThe UK data protection authority Information Commissioner’s Office (ICO) has served notice that Google must destroy personal information obtained from its Street View WiFi “payload” data collection within 35 days. While Google has a right to appeal the decision, a refusal to comply (absent an appeal) is considered a “criminal office” and could result in prosecution.

The ICO letter (.pdf and below) is dated June 11, so the deadline would be mid-July.

This ultimatum is the culmination of a UK investigation that began in 2010 following the “WiSpy” revelations that launched investigations in the US and throughout Europe. Google has received some modest fines in Europe and the US but largely escaped any major consequences for the episode.

The renewed publicity is unwelcome at a time when Google is seeking to present itself as a champion of transparency and consumer privacy in the wake of the recent NSA surveillance disclosures.

The first revelation that Google had collected sensitive ”payload” information came in May 2010. Google cofounder Sergey Brin admitted the problem at Google’s I/O developer conference and characterized it as a “mistake.”

A subsequent FCC investigation revealed that the data capture was intentional and instigated by an engineer at Google who believed the data might be useful to Google later. Because the engineer invoked his 5th Amendment against self-incrimination, the FCC decided not to pursue a criminal case against Google.

After the FCC report, the UK reopened its own investigation and the deadline above is a result. Google is currently facing multiple privacy related investigations and demands in Europe, including a pan-European ultimatum to make changes in its consolidated privacy policy or face fines.

The ICO demand to destroy the personal “payload” data is contained in the letter below:

Within 35 days of the date of this notice the data controller [Google] shall securely destroy any personal data within the meaning of the Data Protection Act 1998 held on vehicle discs and collected in the UK using Street View vehicles (to the extent that the data controller has no other legal obligations to retain such data) and, If the data controller subsequently discovers a StreetView vehicle disk holding personal data and collected in the UK it shall promptly inform the Information Commissioner.
It’s not immediately clear how challenging this would be to accomplish or what other non-personal data Google might have to sacrifice in the process.

Opinions expressed in this article are those of the guest author and not necessarily MarTech. Staff authors are listed here.

Add MarTech to your Google News feed.    Google News

Related stories

New on MarTech

About the author

Greg Sterling
Contributor
Greg Sterling is a Contributing Editor to Search Engine Land, a member of the programming team for SMX events and the VP, Market Insights at Uberall.

Related topics

Marketing managementMarketing operations (MOps)Performance marketing

Fuel for your marketing strategy.

Topics

Our events

About

Follow us

© 2024 Third Door Media, Inc. All rights reserved.

Third Door Media, Inc. is a publisher and marketing solutions provider incorporated in Delaware, USA, with an address 88 Schoolhouse Road, PO Box 3103, Edgartown, MA 02539. Third Door Media operates business-to-business media properties and produces events. It is the publisher of MarTech.org, the leading marketing technology digital publication.