Internet giant Google has been threatened with criminal proceedings after further personal data unlawfully collected from unsecured WiFi networks by its Street View cars were discovered, the Information Commissioner's Office has said.
The ICO handed the US multinational an enforcement notice demanding that it destroy four discs containing information it took from unsecured WiFi networks.
In November 2010, the ICO ordered Google to destroy all data obtained in this way but in February 2012 the company discovered further discs of UK data that had not been deleted.
The ICO understands the additional discs had been kept in "quarantine cages" and had not been accessed. It has now warned Google that failure to comply with the legal order will be considered as contempt of court, which is a criminal offence.
While it did not issue a "monetary penalty" the ICO said it would "not hesitate to take action" if Google was found to be at fault again.
Between 2008 and 2010 Google's Street View cars collected data including names, passwords, emails and other personal information from millions of unencrypted WiFi networks.
Google initially blamed the data capture on a lone rogue engineer, but the FCC said in 2012 that some managers at the company knew about the problem, but did not act quickly enough to stop it.
Google has always maintained that the project leaders did not want to collect the data, and never used it. In November 2010, the ICO ordered Google to destroy all data obtained in this way but in February 2012 the company discovered further discs of UK data that had not been deleted.
Most recently the search giant was fined €150,000 in Germany, following similar penalties in France and a settlement - reported to be as high as $7 million - that was reportedly paid to the US government earlier this year.
READ MORE: The ICO's Enforcement Notice In Full
Stephen Eckersley, ICO Head of Enforcement, said:
“Today’s enforcement notice strengthens the action already taken by our office, placing a legal requirement on Google to delete the remaining payload data identified last year within the next 35 days and immediately inform the ICO if any further disks are found. Failure to abide by the notice will be considered as contempt of court, which is a criminal offence.
The early days of Google Street View should be seen as an example of what can go wrong if technology companies fail to understand how their products are using personal information. The punishment for this breach would have been far worse, if this payload data had not been contained."
A Google spokesperson said that it had already tightened up its systems to address the issue, but would "cooperate fully" with the ICO.
"We work hard to get privacy right at Google. But in this case we didn't, which is why we quickly tightened up our systems to address the issue. The project leaders never wanted this data, and didn't use it or even look at it.
“We cooperated fully with the ICO throughout its investigation, and having received its order this morning we are proceeding with our plan to delete the data."
But campaigners said Google had escaped with a "slap on the wrist".
Nick Pickles, director of privacy campaign group Big Brother Watch, said: "Google collected information it was not entitled to, infringing people's privacy on a huge scale, then said it had deleted the data when it had not.
"The basis of privacy law is that companies do not collect our information without our permission.
"This episode is worryingly close to severely undermining this principle and setting a precedent that companies can collect data illegally and not face any action if they promise to delete it later on.
"People will rightly look at the UK's approach to this issue and ask why, given regulators in the US, Germany and other countries have fined Google for exactly the same infringement, it is being allowed to escape with a slap on the wrist in Britain. Is our privacy somehow less worthy of protection?"