Regulators in the United Kingdom followed the lead of the Federal Trade Commission this week, announcing that while Google did violate national data protection laws, it will not be fined for illegally collecting citizens’ personal information with its controversial Street View cars.
The decision delivered today by the UK Information Commissioner’s Office will require Google (NASDAQ: GOOG) to submit its data protection policies for a regulatory audit.
“It is my view that the collection of this information was not fair or lawful and constitutes a significant breach of the first principle of the Data Protection Act,” UK Information Commissioner Christopher Graham said in a statement. “The most appropriate and proportionate regulatory action in these circumstances is to get written legal assurance from Google that this will not happen again — and to follow this up with an ICO audit.”
Last week, the FTC wrapped up its investigation into Google’s data-collection policies by essentially giving the Internet search, advertising and applications giant a slap on the wrist after concluding the email messages, passwords and other personal data culled from unsecured Wi-Fi networks by the Street View cars was accidental.
Google officials said the unsanctioned and unintentional snooping was the result of experimental software that it included in its camera-equipped Street View cars that was originally designed to collect data about Wi-Fi access points in order to improve the company’s location-based services. Instead, it collected full and partial email messages and other data from unencrypted wireless networks.
Last month, Google outlined changes to its internal privacy controls to ensure citizens’ personal information would remain secure and, presumably, to help ward off future regulation or litigation from countries and individuals impacted by the Street View controversy.
The company is still being investigated by regulators in Germany and Italy and faces a number of class-action suits in the U.S. So far, Google has resolved a total of eight government investigations related to the Street View gaffe and has yet to face any significant repercussions.
The UK Information Commission’s investigation found that Google’s data-collecting vehicles snared British citizens’ emails, complete URLs and passwords as they went about photographing and mapping the country.
In addition to the mandatory audit of its data collection and privacy protection policies, the Commission is also requiring Google to delete the payload data collected in the country as soon as its legally cleared to do so.
For more privacy news, follow eSecurityPlanet on Twitter @eSecurityP.