Google is facing a fresh privacy blunder after it admitted it had not deleted all of the private data, including emails and passwords, it secretly collected from internet users around the UK.
The search giant was ordered in December 2010 to delete the private information hoovered up by its Street View cars from open Wi-Fi networks.
But on Friday Google told the Information Commissioner’s Office that human error prevented it from erasing the data, which could include the emails and passwords of millions of Britons.
Google admitted in May 2010 its Street View cars had mistakenly collected private information as they photographed homes and landmarks around the world.
It is not known exactly what private information was taken in the UK, but regulators in the US found traces of medical records and web browsing history among the so-called “payload” data.
The news that Google has not purged all of the data taken from UK users 19 months after it was instructed to do so will cause further embarrassment for the company.
On Friday, the ICO said the retention of the data appeared to be a breach of the undertaking signed by Google in December 2010.
A spokesman for the ICO said it would now conduct a forensic analysis of the data, meaning Google could be fined up to £500,000 if the material is found to be in breach of the Data Protection Act.
The company will be one of the first to have breached an undertaking by the ICO if the data is found to be in breach of the DPA.
The ICO said in a statement: “The ICO is clear that this information should never have been collected in the first place and the company’s failure to secure its deletion as promised is cause for concern.”
Google’s global privacy counsel, Peter Fleischer, apologised for the error in a letter to the ICO on Friday. Google declined to comment beyond the letter, which was published on the ICO website.
The technology company is already being investigated by the ICO over claims it orchestrated a cover-up of the data collection in 2010.
Google declined to say when it realised it had not deleted all of the data.
Nick Pickles, director of privacy at the pressure group Big Brother Watch, said Google should never have been ordered to erase the information in the first place.
“We now have an opportunity to explore just how sensitive the information was,” he said.
“Given that Google failed to respect people’s privacy in the first place and subsequently failed to adhere to its agreement with the information commissioner, serious questions need to be asked to understand why Google seemingly sees itself as above the law.
“The information commissioner is hampered by a woeful lack of powers and is forced to trust organisations to tell the truth. Given Google’s behaviour has called into question if that really is a proper way to protect our personal data, it must be right to now demand a proper regulator with the powers and punishments to fully protect British people’s privacy.”