Google will be investigated by more European countries, including France and Czech Republic, after revealing that it accidentally collected data from unsecured WiFi networks while photographing streets around the world for its Street View application. British regulators have asked that the data, which potentially includes passwords and browsing history, be deleted as soon as possible. In the United States, a pair of lawmakers asked the FTC to investigate whether Google violated any laws when its Street View cars snatched information from those WiFi networks.
Google has found itself facing additional controversy in Europe, as Spain,
France and the Czech Republic all announced investigations May 20 into the
inadvertent collection of data by the search engine giant's Street View cars.
That follows news that Germany
and Italy will launch
their own inquiries into Google and the Street View service, which uses
vehicles equipped with cameras to capture an eye-level view of local terrain
In the course of that driving around and image taking, the Street View cars
managed to obtain 600GB of "payload data" from unsecured WiFi networks. The
data could consist of anything from e-mails and passwords to more personal
That follows news that two U.S. representatives-Joe Barton,
R-Texas, and Edward Markey, D-Mass-asked the FTC (Federal Trade
Commission) in a letter if Google violated laws in the course of its Street
View cars' data collection. The lawmakers said they want a response by
That letter, which
can be found here
, asks if the FTC chairman is investigating the matter; it
also offers five multipart questions, including "Do Google's data protection
practices with respect to Wi-Fi networks violate the public's reasonable
expectation of privacy? Did Google collect passwords associated with Internet
usage by customers?"
But the European reaction to the data collection seems more severe. Viviane
Reding, justice commissioner for the European Union in Brussels,
wrote in a statement sent to eWEEK May 18 that it "is not acceptable that a
company operating in the EU does not respect EU rules." Reding also suggested
that the processing of personal data by Google Street View apparently falls
under the umbrella of the EU's Data Protection Directive 95/46/EC and is
therefore subject to its provisions.
European regulators have a history of taking particularly aggressive action
against large technology companies-including Microsoft and Oracle-seen as
overstepping their bounds with regard to privacy and antitrust. Microsoft
recently introduced a "Web browser choice screen" to European Windows users,
after the European Commission, the EU's antitrust regulatory body, expressed
concerns about the potentially anti-competitive aspects of bundling Internet
Explorer with the operating system. The danger for those companies, of course,
is that such investigations and actions have the potential to not only lead to
millions of dollars in fines and losses, but also disrupt their strategy in
various market segments.
While some countries have launched investigations into Google Street View,
others have moved to see the captured data deleted outright.
"In such circumstances there does not seem to be any reason to keep the data
concerned for evidential purposes," the British Information Commissioner's
Office said, as
quoted by The New York Times May 20
. "Therefore, in line with the data
protection requirement that personal data should be held for no longer than
necessary, we have asked Google to ensure that these data are deleted as soon
as reasonably possible."
For its part, Google has made public noises of apology for the debacle.
"Maintaining people's trust is crucial to everything we do, and in this case
we fell short," Alan Eustace, Google's senior vice president
of engineering and research, wrote
in a May 14 posting on the Official Google Blog
. "Given the concerns
raised, we have decided that it's best to stop our Street View cars collecting
WiFi network data entirely."
four hard drives hosting payload data have apparently been destroyed.
"We can confirm that all data identified as being from Ireland
was deleted over the weekend in the presence of an independent third party,"
Eustace wrote in a May 17 update to that original blog posting. "We are
reaching out to Data Protection Authorities in other relevant countries about
how to dispose of the remaining data as quickly as possible."