ICO revives probe into Google's data harvesting

ICO revives probe into Google's data harvesting

Summary: The UK privacy watchdog has said it will re-examine the data Street View cars gathered from people's Wi-Fi networks after Google admitted it had collected emails, passwords and other details

TOPICS: Security

The UK's privacy watchdog has said it will re-examine the data gathered by Google's Street View cars after the search and advertising giant admitted that it had collected passwords and emails from unsecured Wi-Fi networks around the world.

Google said in a blog post on Friday that it had collected details of people's passwords, the websites they had visited and whole emails during its interception of unencrypted Wi-Fi data from Street View cars.

"It's clear from... inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords," wrote Google's senior vice president of engineering and research Alan Eustace in the post.

ZDNet UK blogs

Google Instant or Google Stupid?

Google Instant is the latest in a string of bad decisions by Google, says Jack Schofield

Read blog +

On Monday, the Information Commissioner's Office (ICO) said that it was going to take another look at the UK data collected by Google. In July, the privacy authority found that the Wi-Fi data collected by Google in the UK was not significant, after examining samples provided by the company.

"Whilst the information we saw [in July] did not include meaningful personal details that could be linked to an identifiable person, we have continued to liaise with, and await the findings of, the investigations carried out by our international counterparts,‬" the ICO said in a statement. "Now that these findings are starting to emerge, we understand that Google has accepted that in some instances entire URLs and emails have been captured.

"We will be making enquires to see whether this information relates to the data inadvertently captured in the UK, before deciding on the necessary course of action, including a consideration of the need to use our enforcement powers,"‬ the ICO added.

Those enforcement powers would allow the ICO to refer Google to parliament if it was found to have broken UK data-protection law, a spokesman for the privacy authority told ZDNet UK. However, it would not be able to impose a fine of up to £500,000, as that sanction was granted to the ICO after its Google investigation began, he added.

Deputy information commissioner David Smith will now review data collected by Google, but the ICO has not decided whether it will call for new samples or whether it will re-examine the data supplied in July. However, the July data was fragmentary, according to the office's spokesman. The data-protection authority could potentially review all of the UK data held by the company, depending on the outcome of similar investigations being carried out by the ICO's counterparts around the world.

A number of countries have investigated Google over its Street View data collection. French data-protection authorities said in June that the company had collected passwords and fragments of emails, and Canada ruled in October that it had violated Canadian law. Seven countries have now concluded their investigations, according to Google.

Google regrets having collected passwords and emails, the company's director of privacy Alma Whitten reiterated in a statement on Monday.

"We are profoundly sorry for having mistakenly collected payload data from unencrypted networks," said Whitten. "As soon as we realised what had happened, we stopped collecting all Wi-Fi data from our Street View cars and immediately informed the authorities. This data has never been used in any Google product and was never intended to be used by Google in any way."

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • I wonder if the ICO will remove the blinkers when it takes this second look?
  • What a load of cobblers! Google's just dissembling, to put it politely. How could this be a mistake attributed to a single individual; and haha that they had no intentions to use the information gathered - that is, before they were caught out and not, as claimed, when they discovered 'mistake' themselves and reported it on their own initiative.
    The Former Moley
  • Goggle snaffling a few unguarded communications isn't nearly as big a worry as our "government" planning on eavesdropping on ALL our emails and instant messages, and goodness knows what else. http://www.openrightsgroup.org/blog/2010/government-web-snooping-back-on-the-cards
    Remember the quote, "Eavesdroppers rarely hear anything good... Especially about themselves."