ICO reopens Google Streetview case

Google Streetview CarI had intended to write about Apple’s World Wide Developer Conference today, but we’ll get to that later. Instead, the news that the UK’s Information Commissioner has decided to reopen a case against Google caught my eye.

You might remember that Google was caught out having “accidentally” gathered data from unsecured WiFi networks while their Streetview cars were mapping towns and cities. The Information Commissioner (ICO) got involved in that incident, but dropped the investigation after Google said only limited data had been gathered, and it wasn’t deliberate.

Since then, the US Federal Communications Commission (FCC) has concluded that the code designed to gather that additional data was deliberately written, and that the engineer who wrote it informed a senior manager about it. That engineer also gave the Streetview team a document detailing what work he had done on the project. The ICO has decided, in the light of the FCC report, that this no longer looks like a simple mistake. Rather, it looks like the data was gathered deliberately and with the knowledge of Google management.

The information that’s been gathered is also a bit hairy – IP addresses, full user names, telephone numbers, complete email messages, email headings, instant messages and their content, logins, medical listings and legal infractions, information relating to online dating and visits to pornographic sites, and data contained in video and audio files.

What next?

The ICO is asking Google to provide them with some information:

  1. What kind of personal and sensitive data was captured in the UK.
  2. At what point Google managers became aware of the type of data being gathered, and what was done to limit its collection.
  3. Why the sorts of data mentioned above weren’t included in a data sample given to the ICO.
  4. At what point the senior managers within Google knew what the data gathering code was doing.
  5. Copies of the original design document for the data gathering software, along with any subsequent updates.
  6. An outline of the privacy concerns identified by Google managers once they knew about this practice, and what decisions were made to either continue or terminate it.
  7. What measures were introduced to prevent breaches of the Data Protection Act.
  8. A certificate of destruction relating to the captured data.

Google have said they are happy to answer the ICO’s questions, but I would guess that some will be wondering whether those questions will be answered truthfully.

What do you think?

This one just doesn’t seem to be going away. What do you think about it all? I’d love to know your thoughts in the comments.

[source: ZDNet]

Post image by FanIntoFlames – used under Creative Commons License.

More Google StreetView shenanigans

The Google StreetView soap opera just rolls on and on… In case you’ve missed the build-up, check out these two articles:

The BBC reported on Friday of last week that Google (UK) would be deleting the WiFi data accidentally gathered by their StreetView cars. The Information Commissioner seems happy with this and has stated that no further investigation will be required. Additionally, no fine will be levied against Google for the breach. Interestingly, though, the Information Commissioner’s Office has just imposed its first two fines against other organisations.

Things have taken a bit of a bizarre twist in Germany, though. Google was required to give people the opportunity to have their homes blurred on StreetView before the service went live, and almost a quarter of a million Germans asked for that to happen. So far so good, but some of the people of Essen who have requested their home to be blurred have experienced vandalism, including having eggs thrown at their homes and signs pinned to the door saying “Google’s Cool”. How strange…

So what will happen next in the Google StreetView drama? Will opposition to the service grow? Will pro-Google vigilantes hunt down dissenters worldwide, forcing them to live in safe-houses for their own protection? And when will Google discover that Facebook is having an affair with MySpace? Tune in next time to find out ;)

Post image by FanIntoFlames – used under Creative Commons License.

Google in “significant breach” of Data Protection Laws

This story just doesn’t seem to want to go away. Google admitted in May that it had been accidentally collecting personal data from unsecured networks when mapping towns for StreetView.

It all kicked off when the German authorities asked Google to audit its data. It probably couldn’t have been worse, as the Germans are notoriously strict on privacy. Next came Canada who determined that Google had breached its privacy laws, and now the UK Information Commissioner’s Office has said Google has committed a “significant breach” of the data protection laws.

And the outcome? Will Google be fined, as the Information Commissioner can require? No – the ICO will audit Google’s data protection practices and policies. I guess this is seen as a more constructive course of action than a simple fine, but you do have to wonder whether it will make any difference.

What do you think about this? Is Google being let off the hook? Is this the precursor to more strict controls? Tell us your thoughts in the comments.

[via BBC News]

Post image by FanIntoFlames – used under Creative Commons License.