British officials say that Google will be audited and must promise not to violate the law again, but will not be fined. The move comes as Canada, Spain and, most recently, Italy are scrutinizing the California company.
Google first announced the collection of data in May
In an announcement Wednesday, British data protection authorities said there was a "significant breach of the Data Protection Act" and that Google UK would be subject to an audit. Further, it added, the company must promise that similar data breaches do not occur again.
The UK authorities had once again taken up the privacy case against Google late last month after Google had revealed further details that it had obtained "WiFi data." That data included passwords and e-mails while Google was sending cars along British streets and in other countries for its Street View service.
Earlier this year, the Information Commissioner's Office (ICO) had said that it had found "no wrongdoing" on Google's part, but re-opened an investigation last week.
"It is my view that the collection of this information was not fair or lawful and constitutes a significant breach of the first principle of the Data Protection Act," said Christopher Graham, the UK information commissioner, in a statement published Wednesday on the ICO's website.
"The most appropriate and proportionate regulatory action in these circumstances is to get written legal assurance from Google that this will not happen again – and to follow this up with an ICO audit."
The ICO elaborated that it had declined to seek monetary damages against the Silicon Valley company as it would have been too legally difficult to prove.
"Monetary penalties can only be served when a strict set of criteria is satisfied, including that the breach was likely to cause substantial harm or substantial distress – this alone would be very hard to prove in this case," wrote Kirsty McCaskill, an ICO spokesperson, in a statement provided to Deutsche Welle. "The vast majority of the pay-load data was also collected prior to 6 April 2010, before our new powers came into force.”
The vehicles used to create Street View inadvertantly collected the data Google says
Google has admitted guilt
In a written statement also provided to Deutsche Welle, Peter Fleischer, Google's global privacy counsel said that the company had made a mistake.
"We are profoundly sorry for mistakenly collecting payload data in the UK from unencrypted wireless networks," he wrote. "Since we announced our mistake in May we have cooperated closely with the ICO and worked to improve our internal controls. As we have said before, we did not want this data, have never used any of it in our products or services, and have sought to delete it as quickly as possible. We are in the process of confirming that there are no outstanding legal obligations upon us to retain the data, and will then ensure that it is quickly and safely deleted."
Previously, as recently as October 22, Google officials have apologized for the mistake and said that it would be changing its policies.
"We are mortified by what happened, but confident that these changes to our processes and structure will significantly improve our internal privacy and security practices for the benefit of all our users," wrote Alan Eustace, Google's senior vice president of engineering and research, in a post published on October 22 on Google's public policy blog.
The American Federal Trade Commission decided last week to drop its investigation against Google, while in recent weeks, similar government agencies in Italy, Canada and Spain have all pursued action against the company. The investigations worldwide began earlier this year after German authorities in Hamburg discovered the payload data in one of Google's vehicles, and they are continuing to investigate as well.
Author: Cyrus Farivar
Editor: Stuart Tiffen