Google committed “significant breach” of UK’s Data Protection Act, but gets away

Just last week we told you that Google might face charges in the UK for taking e-mails, e-mail passwords, addresses and other data when collecting Streetview data in the UK. After Google admitted that it had taken that data The Information Commissioner’s Office (ICO) said they would now re-investigate after previous investigations had finished already.

The UK information commissioner, Christopher Graham, now confirms Google committed a “significant breach” of the UK’s Data Protection Act. He however does not feel that Google needs to pay a fine. Google however has been ordered to delete the data it collected and sign an undertaking that it won’t happen again. Plus they want Google to further train their employees.

Graham said:

“It is my view that the collection of this information was not fair or lawful and constitutes a significant breach of the first principle of the Data Protection Act…. The most appropriate and proportionate regulatory action in these circumstances is to get written legal assurance from Google that this will not happen again – and to follow this up with an ICO audit.”

The ICO has sent Google a letter (pdf) in which it announced their measures. You can read the entire letter here. One interesting item from the letter is that the ICO wants Google to “continue and update orientation programs designed to provide Google employees with training on Google’s privacy principles and the requirements of UK data protection law.” Apparently Google is training their employees on the subject of privacy? The ICO wants Google to develop this further and makes demands on enhancing security awareness for Google employees.

Press release here (PDF)

Bas van den Beld

Bas van den Beld is a speaker, trainer and online marketing strategist. Bas is the owner of Stateofsearch.com. -- You can hire Bas to speak, train or consult. -- More articles and bio from Bas van den Beld