Google has agreed to delete the slurped Wi-Fi data its Street View spymobiles "inadvertently collected" as they prowled the UK's highways and byways.
The Information Commissioner's Office has announced that Google has also "signed a commitment to improve data handling", and faces an ICO audit of its "internal privacy structure, privacy training programs and its system of privacy reviews for new products" within nine months.
Information Commissioner Christopher Graham, who has previously been criticised for not coming down hard on Google for violating the Data Protection Act, said: "I am very pleased to have a firm commitment from Google to work with my office to improve its handling of personal information. We don’t want another breach like the collection of payload data by Google Street View vehicles to occur again."
Graham described the deal as a "significant achievement", and concluded: "We will be keeping a close watch on the progress Google makes and will follow up with an extensive audit. Meanwhile, I welcome the fact that the Wi-Fi payload data that should never have been collected in the first place can, at last, be deleted."
The full undertaking is here. In it, the Information Commissioner notes he was "informed by Google, with reference to a public Google blog, that Google Street View vehicles, which had been adapted to collect publicly available Wi-Fi radio signals, had mistakenly collected payload data, likely to include a very limited quantity of emails, URLs and passwords".
The document elaborates: "Google’s purpose had been to identify Wi-Fi networks and to map their approximate location using the GPS co-ordinates of the GSV car when the radio signal was received. The aim was to build and improve the geo-location database for location-based mobile applications."
In return for the signature of Alan Eustace, "Senior Vice President of Google Inc", Graham has agreed to "close his his investigation of this matter" and not pursue Google under the Data Protection Act. ®