Google Inc. may have breached an agreement with the U.K. privacy regulator by failing to delete personal data gathered through its Street View service.
Google contacted the U.K. Information Commissioner’s Office today to say it still had some data that should have been deleted in December 2010, the agency said in a statement e-mailed today. The watchdog said it’s in touch with other data protection regulators in Europe “to coordinate the response to this development.”
“The fact that some of this information still exists appears to breach the undertaking to the ICO signed by Google in November 2010,” the agency said in the statement. “Our response, which has already been issued, makes clear that Google must supply the data to the ICO immediately, so that we can subject it to forensic analysis before deciding on the necessary course of action.”
Google was fined $25,000 by the U.S. Federal Communications Commission earlier this year for impeding its investigation into improper data gathering. In an agreement ending the U.K. inquiry into Street View in November 2010, Mountain View, California-based Google agreed to further ICO audits of its privacy practices. One was published in August 2011 and will be reviewed this year to ensure ICO recommendations were followed.
In June, the U.K. regulator re-opened a probe into the data collected through Google’s location service. While Street View cars photograph buildings and homes to provide street-level mapping to Google users, they went beyond that by using wireless connections to gather people’s personal communications.
Google still has in its possession “a small portion of payload data collected” by its Street View cars in the U.K., Peter Fleischer, the company’s global privacy counsel, said in the letter. “Google apologizes for this error.”
Google told the ICO in the letter that it “would now like to delete the remaining U.K. data, but would like your instructions on how to proceed.” The company said it’s prepared for the agency “to review this data, or to destroy it.”
Tom Price, a spokesman for Google in the U.K. declined to comment further.
In a letter in response to Google, Steve Eckersley, the ICO’s head of enforcement, asked that the company allow them to examine the data and “that the data is stored securely until such time that we can complete our examination.”
For three years starting in May 2007, Google collected content from wireless networks that it didn’t need for its location-based services, according to the FCC. The company gathered so-called payload data, including e-mail and text messages, passwords, Internet-usage history and “other highly sensitive personal information,” the FCC said.