The row over the fact that Google’s Streetview cars were also listening in on people’s wireless networks took another turn yesterday, with the UK’s Information Commissioners Office saying it paid Google a visit to see the data for itself.
The fact the cars were also ‘sniffing’ for wireless networks came to light after detailed inquiries by German authorities. Investigations followed in many other countries, and in May the UK’s privacy watchdog the Information Commissioner’s Office ordered Google to delete any data that the firm had captured while ‘listening in’ to people’s wireless networks as the Streetview cars went by their houses.
Given that the firm was asked to delete the data in May – when the ICO also said that it was unlikely to investigate further as the data did not contain meaningful personal data – it seems odd that the ICO has said in a statement that it paid Google a visit on July 15 to take a look at the data for itself.
Confirming that the data is free of ‘meaningful personal details’, the ICO said: "Google considered it unlikely that it had collected anything other than fragments of content, we wanted to make our own judgement as to the likelihood that significant personal data had been retained and, if so, the extent of any intrusion. The information we saw does not include meaningful personal details that could be linked to an identifiable person."
The ICO admits it did not look at all 19 million pieces of data that Google says it captured, and it said it wouldn’t be attempting to, either: "As we have only seen samples of the records collected in the UK we recognise that other data protection authorities conducting a detailed analysis of all the payload data collected in their jurisdictions may nevertheless find samples of information which can be linked to identifiable individuals," said the ICO statement. "However, on the basis of the samples we saw we are satisfied so far that it is unlikely that Google will have captured significant amounts of personal data."
When the wi-fi ‘snooping’ first came to light Google said it had been capturing the information by mistake after a "programming error". It said fragments of wi-fi data were intercepted for periods of 200 milliseconds at a time. But then in a later letter to data protection authorities across Europe, Google said it needs to record houses’ wi-fi data to help it provide location-based services.
From where I’m standing, a number of questions remain:
- Why did Google initially say it was a programming error, and later say that it was intentional? Google at first said it didn’t realise it was sniffing packets of data on unsecured wi-fi networks in dozens of countries for the last three years, until German privacy authorities began questioning what data Google’s Street View cameras were collecting.
- Why did Google not delete the information in May, as it had been requested by the ICO?
- Why did the ICO only ask to see samples of the data after privacy advocates kept up the pressure on it to investigate further – what was the reason for the delay from May to July 15?
I don’t think Google has come out of this eipsode particularly well, but it seems the ICO isn’t exactly winning points for efficiency here, either.