For all the railing against Google’s Street privacy violations, countries sure are willing to forgive the search engine easily enough for its data-snorting transgressions.
Google admitted its Street View cars that patrol city streets to snap images for Google Maps had sucked up 600 gigabytes worth of e-mails, passwords and URLs from encrypted WiFi networks of unsuspecting users.
U.K. information commissioner Christopher Graham said Nov. 2 the Street View cars triggered a “significant breach” of the U.K. Data Protection Act when they did this.
Even so, the U.K. dropped its investigatIon into the incident and declined to fine Google, according to the Guardian, BBC News and several other news outlets.
The Guardian noted that Google “must sign an undertaking to ensure data protection breaches do not happen again or it will face further enforcement action.”
In other words, Google was let off with a warning, not unlike a harried driver who has been pulled over for speeding and given a pass by attending police officer.
If this story sounds familiar, it’s because both the data privacy commissioner in Canada and the United States’ own Federal Trade Commission gave Google a pass for the data breach.
Like the privacy authorities in the U.K., Canadian Privacy Commissioner Jennifer Stoddart and FTC Consumer Protection head David Vladeck made Google swear to prove they have improved their data protection policies and to uphold them.
No wonder privacy advocates have such a tough time getting Google prosecuted for privacy violations. If governments all over the world won’t take Google to task other than a light chastisement in a public forum, how will Google ever be held accountable?
To be fair, Google took appropriate measures to mitigate the WiSpy gaffe. Google gave data back to some of the 30 countries where it collected it, and destroyed it for others, including a promise to do so in the U.K.
Google is also improving its training for employees with a particular focus on the responsible collection, use and handling of data under the purview of a new privacy director.
The company will also bolster its compliance practices by requiring every engineering project leader to maintain a privacy design document for each project they develop for the company.
Google broke privacy laws in many countries, but because authorities agreed with Google’s assertion that it was a mistake triggered by code from a rogue engineer, the authorities are given the search engine another chance.
Is this right or wrong? Tell us what you think.
In the meantime, expect this latest move to strengthen the resolve of U.S. states’ attorneys general, who are investigating the incident and won’t want a chance to miss persecuting a company other political factions let get away.