Google StreetView Data Collection Still Cause for Concern – Not All Was Deleted

By Alexandra Burlacu | Jul 28, 2012 12:16 PM EDT

Previous image Enlarge Close Next image

Share This Story

The great controversy surrounding Google's "accidental" collection of personal data through its Street View mapping service may have cooled off, but has now taken another twist. According to information posted Friday, July 27, by a UK regulator, Google has acknowledged it still retained a "small portion" of the user data collected through unsecured Wi-Fi home networks, even after it was ordered to delete all of it.

The Information Commissioner's Office (ICO), the regulator overseeing data privacy in the UK, said it now plans to examine the data "as soon as practicable." The data could include sensitive information such as passwords and email correspondence. "The fact that some of this information still exists appears to breach the undertaking to the ICO signed by Google in November 2010," the ICO said in a statement. "The ICO has always been clear that this should never have happened in the first place and the company's failure to secure its deletion as promised is cause for concern."

In a letter to the UK regulator, Google Global Privacy Counsel Peter Fleischer acknowledged that the search giant "has recently confirmed that it still has in its possession a small portion of payload data collected by our Street View vehicles in the U.K." Fleischer also noted that Google still has user data from the UK "and other countries."

"Google apologizes for this error," added Fleischer, without providing details about why the company failed to destroy the data. Google "would now like to delete the remaining U.K. data, but would like your instructions on how to proceed. We are prepared to arrange for you to review this data, or to destroy it," wrote Fleischer in his letter to the ICO.

The search giant said it had stumbled upon the files from the UK, Ireland, France, Belgium, the Netherlands, Sweden, Norway, Finland, Switzerland, Austria, and Australia during a "comprehensive manual review."

How It All Started

Google mounts detection equipment and cameras on its Street View vehicles to help keep its maps service up to date with location photos and information. Back in 2010, the search giant made the shocking announcement that it had "accidentally" collected user data through those cars' equipment that scanned wireless networks, including e-mail messages. Google blamed a single engineer for writing computer code that was later uploaded inadvertently into the company's scanning equipment. The announcement, however, prompted great controversy and investigations by privacy regulators in several countries, including the U.S. and the UK.

Back in April, the U.S. Federal Communications Commission (FCC) fined Google $25,000 for its "non-compliance" with its requests for related information. "For many months, Google deliberately impeded and delayed the Bureau's investigation by failing to respond to requests for material information," the Commission said at the time. In 2010, the FCC had concluded a probe into the matter without penalizing the search giant.

The UK's ICO, meanwhile, ordered Google to destroy all user data it had collected in 2010. Google signed an agreement at the time and pledged to delete the data, while also committing to new security training for employees. According to the ICO's statement, the regulator has been in contact with "other data protection authorities in the EU and elsewhere" regarding the Google issue, aiming to issue a coordinated response. "This information should never have been collected in the first place," said the regulator.

Google has consistently maintained the collection was unintentional and that the data has never been used commercially. Although, the ICO found the data collection was illegal and forced Google to amend its policies and practices, it did not impose any major penalties.