ICO Reopens Google Street View Data Slurping Inquiry

The Information Commissioner’s Office (ICO) has reopened its investigation into the Google Street View Wi-Fi data slurping case, after reviewing the controversial findings of the US Federal Communications Commission (FCC) report into the saga.

Google was fined $25,000 by the FCC in April for collecting payload data on its Street View rounds. The FCC investigation found the engineer who created the Wi-Fi data grabbing code in 2006 told co-workers about what he was doing.

Initially, it was understood that a limited amount of data was taken during the Street View rounds, including some email content, URLs visited by users as well as passwords. The FCC report showed other data that Google took included medical listings, information in relation to online dating, visits to pornographic sites and data contained in video and audio files.

An angry letter

Having indicated it would not be chasing Google again, the ICO’s head of enforcement Steve Eckersley has sent a letter to the tech firm, saying it “seems likely that such information was deliberately captured during the GSV operations conducted in the UK.”

“However, during the course of our investigation we were specifically told by Google that it was a simple mistake and if the data was collected deliberately then it is clear that this is a different situation than was reported to us in April 2010,” Eckersley wrote.

The ICO is after an explanation from the tech giant as to why it was not told the additional data was gobbled up by Google’s cars during the watchdog’s initial investigation in 2010.

It wants Google to list “precisely” the kinds of personal data that was taken in the UK and at that point Google managers became aware of the kind of information that was being grabbed. The data protection watchdog wants to know what technological or organisational measures were used to limit data collection.

The ICO has also demanded copies of the original design documents for the code that was designed to capture the payload data, along with more details on processes after managers learned of the engineer’s software.

‘Trampling on people’s privacy’

Privacy campaigners are calling on the ICO to take a harder line with Google this time around, having come in for criticism during the initial investigation. The saga appeared to be over in the UK when Google got off with an undertaking in 2011, in which it promised to make improvements to its privacy procedures. The ICO can fine companies who breach the Data Protection Act up to £500,000.

Nick Pickles, director of privacy and civil liberties campaign group Big Brother Watch, said the ICO was “absolutely right to re-open the investigation and must now take every step to get to the bottom of just how many British people’s privacy was trampled on by Google”.

“It is also essential that Google explain why the explanation it gave in 2010 and the data prepared for the ICO deliberately concealed what had really happened,” Pickles told TechWeekEurope.

“The investigation must now be pursued with the vigour sadly lacking in 2010 and every effort made to ensure that Google answers the extremely important questions that it has so far avoided.  Breaching the Data Protection Act is a criminal offence and the law should be applied to Google in the same way as any other company or individual.”

A Google spokesperson said the company was “happy to answer the ICO’s questions”. “We have always said that the project leaders did not want and did not use this payload data. Indeed, they never even looked at it,” the spokesperson added.

Are you a privacy buff? Try our quiz!