Yet Google managed to avoid a fine, with the Information Commissioner’s Office accepting a promise from the company that it would take steps to avoid repeating what it has described as an inadvertent error.
The collection of the data occurred when camera-equipped cars cruised the streets of Britain and other countries to take pictures for Street View, which enhances Google’s online maps with street-level pictures. In gathering information for the maps, including the location of wireless networks, the cars intercepted communications from unsecured Wi-Fi systems.
The matter is still being investigated in a number of other European countries, including Germany, France, Italy and Spain. In the United States, the Federal Trade Commission said last week that it had dropped an inquiry after Google promised upgrades to its security practices.
The British information commissioner said Google had agreed to train employees better on privacy issues; to allow the agency to conduct an audit of privacy and security practices within nine months; and to delete the data it had collected in Britain, subject to legal obligations.
“The most appropriate and proportionate regulatory action in these circumstances is to get written legal assurance from Google that this will not happen again,” the commissioner, Christopher Graham, said in a statement.
Google said in a statement that it was “profoundly sorry” for the breach of Britain’s data protection act, and said it had already been working with the information commissioner to improve its internal controls.
“As we have said before, we did not want this data, have never used any of it in our products or services and have sought to delete it as quickly as possible,” said Peter Fleischer, Google’s global privacy counsel.
Some privacy groups criticized the information commissioner’s action as a slap on the wrist. The agency was recently granted the power to fine companies up to £500,000, or about $800,000, for violations of the British data protection act.
“Ruling that Google has broken the law, but then taking no action against it, shows the commissioner to be a paper tiger,” Big Brother Watch, a London-based group that campaigns for privacy rights, said in a statement. “The commissioner is an apologist for the worst offender in his sphere of responsibility, not a policeman of it.”
The Information Commissioner’s Office countered in a statement that “monetary penalties can only be served when a strict set of criteria is satisfied, including that the breach was likely to cause substantial harm or substantial distress — this alone would be very hard to prove in this case.”
The agency had looked into the situation last spring, but put its inquiry on hold after concluding that only fragments of information, like incomplete Web addresses and e-mail snippets, had been collected.
Google initially described the privacy breach in this way, but acknowledged last month that in some cases entire e-mail messages, passwords and other information were collected. At that point, the information commissioner reopened the investigation.
Google’s disclosures have heightened concerns elsewhere about Street View, which, while popular, has also prompted a backlash from privacy campaigners and some individuals.
In Germany, Google said 244,000 people had asked the company to remove images of their homes from Street View prior to the recent introduction of the service in that country. Perhaps because of the legacies of Nazi and Communist regimes, Germans are particularly sensitive about privacy, but concerns about Street View are growing elsewhere, too.
In Britain, for example, the House of Commons held a debate last week on privacy issues related to Street View. This week, the culture minister, Ed Vaizey, called for the development of a new code of practice to help individuals take action against Internet companies if they felt their privacy had been violated.
nytimes
0 yorum:
Post a Comment