Satisfied so far, but audit says there is room for improvement
Google has taken "reasonable steps to improve its privacy policies," but there is still work to be done, The Information Commissioner’s Office (ICO) has said.
The ICO has been examining Google privacy practices following last year’s revelation that its Street View cars collected personal information from unsecured Wi-Fi connections around the UK. Google was supposed to be gathering location data and photographs as part of its Street View service in the UK.
The ICO initially announced that Google had collected no "significant" personal data but following reports from Canada it decided to reinvestigate what data had been gathered. Google admitted, "in some instances entire emails and URLs were captured, as well as passwords" had been gathered.
Now the ICO’s audit – agreed as part of an undertaking signed by Google in November 2010 – has found that the company had, "taken action in all of the agreed improvement areas."
The ICO highlighted a number of new processes Google has put in place.
A Privacy Design Document, meaning that all new projects undergo an in-depth assessment to ensure that privacy is built in from the start; advanced data protection training for all engineers; enhanced training for all staff covering privacy; and the development of an internal privacy structure, meaning more resources for privacy procedures.
"I’m satisfied that Google has made good progress in improving its privacy procedures following the undertaking they signed with me last year. All of the commitments they gave us have been progressed and the company have also accepted the findings of our audit report where we’ve asked them to go even further," said Information Commissioner, Christopher Graham.
Where the ICO wants Google to go further include introducing a Privacy Story to each project to detail how data will be managed; ensuring all projects have a Privacy Design Document and that processes to check them for accuracy and completeness continue to be enhanced; and training for engineers to be broken down into specific engineering disciplines, taking account of the outcomes of the Privacy Design Document.
Graham also warned Google that the ICO would be keeping a close eye on the firm in the future.
"The ICO’s Google audit is not a rubber stamp for the company’s data protection policies. The company needs to ensure its work in this area continues to evolve alongside new products and technologies. Google will not be filed and forgotten by the ICO."