Since 2007 Google has taken street view photos of cities all over the world. In connection with this street view photo documentation Google has also collected names of the wi-fi hotspots, MAC-Addresses from connected devices and, in particular, user data from unsecured hotspots. After Google revealed these facts in May 2010, the ICO demanded Google delete the data but the ICO has not announced further sanctions.
On July the 29th 2010 the ICO released the following statement:
“The ICO has visited Google’s premises to assess samples of the ‘pay-load’ data it inadvertently collected. Whilst Google considered it unlikely that it had collected anything other than fragments of content, we wanted to make our own judgement as to the likelihood that significant personal data had been retained and, if so, the extent of any intrusion. The information we saw does not include meaningful personal details that could be linked to an identifiable person [So much for harmonisation of EU data protection law. The Hamburg data protection authority is evidently taking a different view, by continuing to pursue the matter in Germany]. As we have only seen samples of the records collected in the UK we recognise that other data protection authorities conducting a detailed analysis of all the payload data collected in their jurisdictions may nevertheless find samples of information which can be linked to identifiable individuals [Datonomy imagines that even in the current environment of stretched resources, this issue is sufficiently important that the ICO is comparing notes with the Hamburg authority]. However, on the basis of the samples we saw we are satisfied so far that it is unlikely that Google will have captured significant amounts of personal data. There is also no evidence as yet that the data captured by Google has caused or could cause any individual detriment [Relevant from a practical perspective (if true), but not the legal test]. Nevertheless it was wrong to collect the information [Agreed. Datonomy is still a little unclear how long it look Google to notice, and act upon, what must have been very substantial amounts of data being accidentally collected]. We will be alerting Privacy International and others who have complained to us of our position. The Information Commissioner is taking a responsible and proportionate approach to this case. However, we remain vigilant and will be reviewing any relevant findings and evidence from our international counterparts’ investigations.” [We look forward to an update after the summer break].
Meanwhile the “Big Brother Watch – Campaign” from the founder of the Tax Payers’ Alliance has called it a “farcical” statement:
“The Information Commissioner popped along to see Google about their wi-fi data snatching the other day, had a jolly peek at what Google showed them and decided there was “nothing to see here, move along, move along…” A banal statement was issued, effectively letting Google off the hook.”
Three weeks ago Google sent their cars back out onto the streets.