Privacy & Information Security Law Blog

On November 19, 2010, the UK Information Commissioner’s Office (the “ICO”) announced that Google has signed an undertaking committing it to improve its data processing practices.  The undertaking follows an ICO investigation into the collection of payload data by Google Street View cars in the UK.  Google’s Senior Vice President, Alan Eustace, signed the undertaking on behalf of Google, Inc.

In addition to Google’s commitment to improve staff training and awareness of data protection issues, the undertaking requires Google to facilitate a consensual audit by the ICO of Google’s internal privacy structure, privacy training programs and its privacy reviews for products.  Prior to any audit, Google must conduct an assessment and submit a confidential Privacy Report analyzing the company’s implementation of the privacy process changes it outlined in its October 22, 2010 blog post, to the extent that the changes apply to Google’s UK operations.  The ICO may validate the Privacy Report’s accuracy and findings with an in-person review at Google’s U.S. headquarters and the offices of its UK subsidiary.

Information Commissioner Christopher Graham stated, “It is a significant achievement to have an undertaking from a major multinational corporation like Google Inc. that extends to its global policies and not just its UK activities.”

View Google’s undertaking.  Read our previous comments on the ICO’s investigations concerning Google Street View.