News Analysis: The U.K. privacy authorities Nov. 2 forgave Google Street View cars for collecting data in that country, joining Canada and the U.S. Federal Trade Commission.
For all the railing against Google's
Street privacy violations, countries sure are willing to forgive the search
engine easily enough for its data-snorting transgressions.
its Street View cars that patrol city streets to snap images for
Google Maps had sucked up 600 gigabytes worth of e-mails, passwords and URLs
from encrypted WiFi networks of unsuspecting users.
U.K. information commissioner Christopher Graham said Nov.
2 the Street View cars triggered a "significant breach" of the U.K.
Data Protection Act when they did this.
Even so, the U.K. dropped its investigatIon into the incident
and declined to fine Google, according to the Guardian, BBC News and several
other news outlets.
that Google "must sign an undertaking to ensure data protection
breaches do not happen again or it will face further enforcement action."
In other words, Google was let off with a warning, not
unlike a harried driver who has been pulled over for speeding and given a pass
by attending police officer.
If this story sounds familiar, it's because both the data privacy commissioner
in Canada and the United States' own Federal Trade Commission
gave Google a pass for the data breach.
Like the privacy authorities in the U.K., Canadian
Privacy Commissioner Jennifer Stoddart and FTC Consumer Protection head David
Vladeck made Google swear to prove they have improved their data protection
policies and to uphold them.
No wonder privacy advocates have such a tough time
getting Google prosecuted for privacy violations. If governments all over the
world won't take Google to task other than a light chastisement in a public
forum, how will Google ever be held accountable?
To be fair, Google took appropriate measures to
mitigate the WiSpy gaffe. Google gave data back to some of the 30 countries
where it collected it, and destroyed it for others, including a promise to do so in the U.K.
Google is also improving its training for employees with a
particular focus on the responsible collection, use and handling of data under
the purview of a new privacy director.
The company will also bolster its compliance practices by
requiring every engineering project leader to maintain a privacy design
document for each project they develop for the company.
Google broke privacy laws in many countries, but because authorities
agreed with Google's assertion that it was a mistake triggered by code
from a rogue engineer, the authorities
are given the search engine another chance.
Is this right or wrong? Tell us what you think.
In the meantime, expect this latest move to strengthen the resolve
of U.S. states' attorneys general, who are investigating the incident
and won't want a chance to miss persecuting a company other political
factions let get away.