Google (NSDQ: GOOG) committed a “significant breach” of the UK’s Data Protection Act when its Street View cars collected personal data including full emails and passwords from unsuspecting users, the UK information commissioner confirmed today (full ruling PDF and commissioner’s letter to Google).
The information commissioner, Christopher Graham, rejected calls to inflict a financial penalty on Google, but said the company must sign an undertaking to ensure data protection breaches do not happen again or it will face further enforcement action.
Google has also been ordered to delete the data it collected from users’ Wi-Fi networks by its Street View cars once legally cleared to do so. The culture minister, Ed Vaizey, last week announced the Metropolitan police had dropped its investigation into the breaches.
Graham said: “It is my view that the collection of this information was not fair or lawful and constitutes a significant breach of the first principle of the Data Protection Act.
“The most appropriate and proportionate regulatory action in these circumstances is to get written legal assurance from Google that this will not happen again – and to follow this up with an ICO audit.”
This article originally appeared in MediaGuardian.