On Friday, Google sent a letter to the Information Commissioner’s Office (ICO) admitting that they had broken their 2010 promise to delete certain Street View data. The data, which included information related to users’ private email addresses, passwords, and web/picture search history, was illegally collected by the Google Street View vehicles from unprotected wireless networks.
“Google has recently confirmed that it still has in our possession a small portion of payload data collected by our Street View vehicles in the U.K. Google apologizes for this error.”
The letter, which is published on the ICO website, indicates that Google wants to destroy the remaining data. However, the search company stated they would wait for official ICO instructions prior to proceeding.
An ICO spokesperson issued the following statement on the official ICO website:
“Earlier today Google contacted the ICO to confirm that it still had in its possession some of the payload data collected by its Street View vehicles prior to May 2010. This data was supposed to have been deleted in December 2010. The fact that some of this information still exists appears to breach the undertaking to the ICO signed by Google in November 2010.”
The ICO has already stated that they will require the “small portion” of data, which is approximately 600 gigabytes, be supplied to them immediately. While the ICO has the ability to fine Google up to 500,000 pounds (approximately $780,000), the fine would be an insignificant price to Google. The more likely action is a small fine or injunction. The ICO has pledged to work collaboratively with other privacy authorities in the E.U. to orchestrate a “coordinated response.”
Do you believe that Google forgot to delete the data? What should the ICO do about this situation?