Out-Law / Your Daily Need-To-Know

Out-Law News 2 min. read

ICO reasonably assured by Google privacy changes

Google has improved its approach to privacy, the UK's data protection watchdog has said.

The Information Commissioner's Office (ICO) said that Google had offered it "reasonable assurance" that it had made changes to how the company addresses privacy issues.

The ICO was conducting an audit into the company's privacy practices as part of an agreement the search engine giant signed last year. Google gathered personal information from Wi-Fi networks when collecting data for its Street View service. The company gathered entire emails, usernames and passwords when its camera-mounted cars scanned Wi-Fi networks.

Under UK data protection laws the ICO has the power to fine organisations up to £500,000 for serious breaches of the laws which govern the protection of personal data. The Data Protection Act provides that personal data must be processed fairly and lawfully.

The ICO, which initially dropped its investigation into Google's Street View service, decided not to punish Google with a fine but to offer it the chance to sign the undertaking which the company signed. That committed Google to improving its privacy policies and to allow the ICO to conduct an audit of its practices.

"The audit verified that Google have made improvements to their internal privacy structure, privacy training and awareness and privacy reviews," the ICO audit said.

"The audit provided reasonable assurance that these changes reduce, but do not eliminate, the risk of an incident similar to the mistaken collection of payload data by Google Street View vehicles occurring again. It has also provided reasonable assurance that Google have implemented the privacy process changes outlined in the Undertaking," the ICO said.

Among the undertakings Google signed were commitments to ensure that all its employees were trained on the company's code of conduct, which includes sections on privacy and protection of personal data, and that specific training for engineers and "other important groups" was enhanced to "focus on the responsible collection, use and handling of data.

Google also had to ensure that the personal data it collected from its Wi-Fi scanning was deleted.

The audit, which took place in Google's London office in July, identified areas of improvement which Google has committed to addressing, the ICO said.

'Privacy stories' should accompany all Google services to inform consumers about specific privacy issues, and training should be better focused and delivered to all engineers, the ICO said.

"I'm satisfied that Google has made good progress in improving its privacy procedures following the undertaking they signed with me last year," Christopher Graham, Information Commissioner, said in a statement.

"All of the commitments they gave us have been progressed and the company have alsoaccepted the findings of our audit report where we’ve asked them to go even further.  The ICO’s Google audit is not a rubber stamp for the company’s data protection policies. The company needs to ensure its work in this area continues to evolve alongside new products and technologies. Google will not be filed and forgotten by the ICO.”

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.