22 June, 2013

Street View: Google given 35 days to delete wi-fi data

Google's adapted Street View cars were also collecting information from unsecured wireless networks in towns and cities

Google has been given 35 days to delete any remaining data it "mistakenly collected" while taking pictures for its Street View service, or face criminal proceedings.

But the UK Information Commissioner's Office did not impose a fine.

Its investigation into Google reopened last year after further revelations about the data taken from wi-fi networks.

During that inquiry, additional discs containing private data were found.

Google had previously pledged to destroy all data it had collected, but admitted last year that it had "accidentally" retained the additional discs.

The ICO has told the search giant it must inform it if any further discs of information are discovered.

'Serious lack of oversight'

"Today's enforcement notice strengthens the action already taken by our office, placing a legal requirement on Google to delete the remaining payload data identified last year within the next 35 days and immediately inform the ICO if any further discs are found," said Stephen Eckersley, the office's head of enforcement.

What did Google do wrong?

Google Street View, which launched in 2007, has been one of the search company's most ambitious projects to date.

Using specially-adapted cars, it created panoramic images of more than five million miles of the world's roads.

But it was during that process, in 2010, that one unnamed Google engineer wrote a piece of software that would pull data from the unsecured wi-fi networks the car encountered as it drove through towns and cities.

The data included personal emails and other sensitive information.

Google has said it did not plan to collect this data, and that the engineer was acting independently. However, it later transpired that at least one senior manager at the company was aware the collection was taking place.

To date, various regulators around the world have for the most part agreed with this assertion, concluding that the "mistakenly" gathered data was a result of sloppy management at a low level, rather than misguided direction from the top.

"Failure to abide by the notice will be considered as contempt of court, which is a criminal offence."

However, unlike authorities in the US, the ICO said it would not be issuing a fine.

"The detriment caused to individuals by this breach fails to meet the level required to issue a monetary penalty," it said.

It concluded that the collection of the data in 2010 was due to "procedural failings and a serious lack of management oversight", but agreed with Google's assertion that the company did not order the actions at a corporate level.

In a statement on Friday, Google said: "We work hard to get privacy right at Google.

"But in this case we didn't, which is why we quickly tightened up our systems to address the issue. The project leaders never wanted this data, and didn't use it or even look at it.

"We co-operated fully with the ICO throughout its investigation, and having received its order this morning we are proceeding with our plan to delete the data."

'Impeded and delayed'

Inquiries into Google's data gathering began in 2010 when it emerged an engineer had written software code to gather information from unsecured wi-fi networks.

Cars taking pictures for the company's massively popular Street View service were used to capture the information.

The company was fined $25,000 (£15,700) by the US Federal Communications Commission in April last year.

The FCC levelled heavy criticism at the company, saying it had "deliberately impeded and delayed" the investigation for months.

Its investigation found that data had been discovered in 30 countries, and included "complete email messages, email headings, instant messages and their content, logging-in credentials, medical listings and legal infractions, information in relation to online dating and visits to pornographic sites".

'Setting a precedent'

The engineer told the FCC that at least two other Google employees, one a senior manager, knew about the data gathering.

Nick Pickles, director of the privacy campaigners Big Brother Watch, criticised the ICO decision.

"People will rightly look at the UK's approach to this issue and ask why, given regulators in the US and Germany have fined Google for exactly the same infringement, it is being allowed to escape with a slap on the wrist in Britain.

"Is our privacy somehow less worthy of protection?"


1 comment:

Samotalis said...

It is the first win for human rights in quite a while. Personal data is simply personal and ought to be respected as such. No one gave permission to Google for taking one's pictures while walking down the street.