I had intended to write about Apple’s World Wide Developer Conference today, but we’ll get to that later. Instead, the news that the UK’s Information Commissioner has decided to reopen a case against Google caught my eye.
You might remember that Google was caught out having “accidentally” gathered data from unsecured WiFi networks while their Streetview cars were mapping towns and cities. The Information Commissioner (ICO) got involved in that incident, but dropped the investigation after Google said only limited data had been gathered, and it wasn’t deliberate.
Since then, the US Federal Communications Commission (FCC) has concluded that the code designed to gather that additional data was deliberately written, and that the engineer who wrote it informed a senior manager about it. That engineer also gave the Streetview team a document detailing what work he had done on the project. The ICO has decided, in the light of the FCC report, that this no longer looks like a simple mistake. Rather, it looks like the data was gathered deliberately and with the knowledge of Google management.
The information that’s been gathered is also a bit hairy – IP addresses, full user names, telephone numbers, complete email messages, email headings, instant messages and their content, logins, medical listings and legal infractions, information relating to online dating and visits to pornographic sites, and data contained in video and audio files.
The ICO is asking Google to provide them with some information:
- What kind of personal and sensitive data was captured in the UK.
- At what point Google managers became aware of the type of data being gathered, and what was done to limit its collection.
- Why the sorts of data mentioned above weren’t included in a data sample given to the ICO.
- At what point the senior managers within Google knew what the data gathering code was doing.
- Copies of the original design document for the data gathering software, along with any subsequent updates.
- An outline of the privacy concerns identified by Google managers once they knew about this practice, and what decisions were made to either continue or terminate it.
- What measures were introduced to prevent breaches of the Data Protection Act.
- A certificate of destruction relating to the captured data.
Google have said they are happy to answer the ICO’s questions, but I would guess that some will be wondering whether those questions will be answered truthfully.
What do you think?
This one just doesn’t seem to be going away. What do you think about it all? I’d love to know your thoughts in the comments.
Post image by FanIntoFlames – used under Creative Commons License.