The UK’s Information Commissioner’s Office (ICO) this morning said Google has taken “reasonable steps to improve its privacy policies”, following a consensual audit of the company’s privacy processes held at its London office last July.
The ICO’s audit was agreed upon as part of the terms of an undertaking that Google signed (PDF) in November 2010 after the company reported that its Street View cars had collected WiFi payload data alongside the location mapping information that was the stated aim of the project.
In May 2010, it was revealed that Google had collected and stored payload data from unencrypted WiFi connections as part of Street View.
Google has repeatedly stated that the WiFi payload data collection was an unintended mistake and in October 2010 announced that it would examine how to strengthen its internal privacy and security practices by hiring experts and enhance training covering privacy and the protection of user data.
The ICO audit consisted of an extensive review of relevant documentation, an on-site visit (including interviews with Google staff) as well as an inspection of selected records.
ICO found that the company has taken action in all of the agreed improvement areas, yet asked Google to go further to enhance privacy, including ensuring that users are given more information about the privacy aspects of Google products.
Google has responded to the results of the audit on its European Public Policy Blog.
Information Commissioner, Christopher Graham, commented:
“I’m satisfied that Google has made good progress in improving its privacy procedures following the undertaking they signed with me last year. All of the commitments they gave us have been progressed and the company have also accepted the findings of our audit report where we’ve asked them to go even further.
“The ICO’s Google audit is not a rubber stamp for the company’s data protection policies. The company needs to ensure its work in this area continues to evolve alongside new products and technologies. Google will not be filed and forgotten by the ICO.”
The executive summary of the Google audit can be found here (PDF).