Bloomberg the Company & Products

Bloomberg Anywhere Login

Bloomberg

Connecting decision makers to a dynamic network of information, people and ideas, Bloomberg quickly and accurately delivers business and financial information, news and insight around the world.

Company

Financial Products

Enterprise Products

Media

Customer Support

  • Americas

    +1 212 318 2000

  • Europe, Middle East, & Africa

    +44 20 7330 7500

  • Asia Pacific

    +65 6212 1000

Communications

Industry Products

Media Services

Follow Us

Google Broke U.K. Data Law, Privacy Regulator Says

Google Broke U.K. Data Law, Privacy Regulator Says
European governments including Germany, France, Spain and Italy began probes after Google said that its Street View cars had inadvertently recorded information from Wi-Fi networks while photographing roadsides in residential neighborhoods. Photographer: Ralph Orlowski/Bloomberg

Nov. 3 (Bloomberg) -- Google Inc. violated Britain’s data-protection law when its Street View mapping unit inadvertently gathered personal e-mails and passwords from unsecured wireless networks, the U.K.’s privacy regulator said today.

Google disclosed the security breach in May and said in an Oct. 22 blog post that while the data it collected was mostly fragmentary it included entire e-mails and URLs. The error was a “significant breach” of the U.K.’s Data Protection Act, the Information Commissioner’s Office said today in a statement.

“The collection of this information was not fair or lawful,” Information Commissioner Christopher Graham said in the statement. The watchdog needs “written legal assurance from Google that this will not happen again.”

European countries including Germany, France, Spain and Italy began probes after Mountain View, California-based Google said that its Street View cars had collected the so-called payload data while photographing roadsides. The U.S. Federal Trade Commission last month ended its probe when Google said it would improve privacy safeguards.

“We are profoundly sorry for mistakenly collecting payload data in the U.K. from unencrypted wireless networks,” Google’s privacy lawyer, Peter Fleischer, said today in a statement. “We have cooperated closely with the ICO and worked to improve our internal controls.”

Delete Data

Google, owner of the world’s most popular Internet search engine, agreed to delete the data as soon as it confirms there are no outstanding legal obligations to hold onto it, Fleischer said. Google also agreed to update certain policies, including creating a security awareness program for employees, according to the ICO statement.

Google’s U.K. unit will be audited and required to sign a so-called undertaking to ensure data protection breaches don’t happen again, the ICO said. The company faces enforcement action if fails to do so.

The Cheshire, England-based regulator can fine companies as much as 500,000 pounds ($805,300) for serious violations of privacy law.

Phil James, a media and technology lawyer with Lewis Silkin LLP in London, who isn’t involved in the matter, said the U.K. should consider issuing fines that are proportionate to a company’s revenue.

“The rewards for multinationals creating new technologies are rightly vast, but it is only fair that the penalties for inadvertently or directly breaching data liabilities are sufficiently restraining,” James said.

To contact the reporter on this story: Erik Larson in New York at elarson4@bloomberg.net

To contact the editor responsible for this story: Anthony Aarons at aaarons@bloomberg.net

Please upgrade your Browser

Your browser is out-of-date. Please download one of these excellent browsers:

Chrome, Firefox, Safari, Opera or Internet Explorer.