The Information Commissioner has effectively compelled Google to improve its data handling, as part of a new agreement.
The commitment is unusual in that it means Google will have to address practices globally and not just in the UK. However, as revealed at the start of the month, Google will not have to pay a fine.
Google said in May that it had accidentally collected information on unencrypted Wi-Fi routers, including fragments of data transmitted by those routers. Earlier this month the ICO said it would let the company off with a warning and would not impose a fine.
It is understood that Google chose to sign the agreement in recent weeks. A spokesperson at the ICO confirmed that any non-signature could have led to the ICO "issuing an enforcement notice".
The new agreement is aimed at ensuring security breaches do not occur again, the Information Commissioner said today.The agreement was signed by Alan Eustace, senior VP at Google. It commits the company to putting into place improved training measures on security awareness and data protection issues for all employees.
The company has also said it will require its engineers to maintain a privacy design document for every new project before it is launched. The payload data that Google inadvertently collected in the UK will also be deleted.
In the undertaking, Google said the vehicles "had been adapted to collect publicly available wi-fi radio signals, [and] had mistakenly collected payload data, likely to include a very limited quantity of emails, URLs and passwords".
A Google spokesperson said today: "'Were pleased that the ICO have concluded their investigation and we will be working to delete the data as soon as possible."The ICO will now conduct a full audit of Google's internal privacy structure, privacy training programs and its system of privacy reviews for new products.
Christopher Graham, information commissioner, said: "I am very pleased to have a firm commitment from Google to work with my office to improve its handling of personal information. We don't want another breach like the collection of payload data by Google Street View vehicles to occur again. "It was a "significant achievement", he said, that the ICO had reached an agreement for Google's global operations and "not just its UK activities".Graham said the ICO will be keeping "a close watch" on Google's progress and will follow up with an audit.
"Meanwhile, I welcome the fact that the WiFi payload data that should never have been collected in the first place can, at last, be deleted," he said.In the undertaking, Google said the vehicles "had been adapted to collect publicly available wi-fi radio signals, [and] had mistakenly collected payload data, likely to include a very limited quantity of emails, URLs and passwords".