Google snooping probe takes another twist as 'deleted' data returns

Google snooping probe takes another twist as 'deleted' data returns

Summary: Google has found UK Street View data it was supposed to have deleted in 2010, giving the Information Commissioner's Office an opportunity to examine the data to determine whether it harvested any UK citizens' personal information

SHARE:
TOPICS: Security, Google
6

Google has discovered it is in possession of payload data it should have deleted, collected from unsecured UK Wi-Fi networks as part of its Street View operation.

The discovery comes after the Information Commissioner's Office (ICO) reopened an investigation last month into whether the search and advertising giant had gathered personal information from home and other Wi-Fi networks while Street View cars were driving around neighbourhoods collecting photos for the mapping service.

Google Street View car
Google has discovered a stash of Street View data that was supposed to have been deleted in 2010. Image credit: CNET Asia

"Earlier today Google contacted the ICO to confirm that it still had in its possession some of the payload data collected by its Street View vehicles prior to May 2010," the ICO said in a statement. "This data was supposed to have been deleted in December 2010. The fact that some of this information still exists appears to breach the undertaking to the ICO signed by Google in November 2010."

The Street View data unearthed by Google will now be forensically examined by, or on behalf of, the ICO in order to determine whether personal information was harvested, an ICO spokesman told ZDNet on Friday.

Depending on whether harvesting took place, and whether Google has breached its undertaking, the ICO has a number of enforcement options open to it, up to and including a civil monetary penalty.

Data discovery

Google's possession of the data came to light after global privacy counsel Peter Fleischer sent an email to the ICO on Friday saying the company had found "a small portion of payload data" during a manual Street View disk inventory conducted in recent months.

"In conducting that review, we have determined that we continue to have payload data from the UK and other countries," said Fleischer. "We are in the process of notifying the relevant authorities in those countries."

Fleischer requested that Google be able to delete the new data, an option that was turned down by ICO head of enforcement Steve Eckersley.

Read this

Google explains why Street View cars record Wi-Fi data

In a letter to data protection authorities across Europe, Google said it needs to record houses' Wi-Fi data to help it provide location-based services

Read more+

"I ask that the data be stored securely until such time as we can complete our examination," Eckersley said in a response. "Could you please start the arrangements to enable us to examine the data as soon as practicable."

The ICO will now work with European colleagues through the Article 29 Working Party, and colleagues from the Global Privacy Enforcement Network (GPEN), to co-ordinate investigations, the ICO said in a statement.

"We are looking at how to respond, and how to co-ordinate responses," an ICO spokesman told ZDNet UK.

ZDNet UK understands that the ICO is working with colleagues from Australia and France, and that other countries that may be affected include Ireland and the Netherlands.

Google was supposed to turn over all of its UK data for deletion, and employed risk management company Stroz Freidberg to complete the task in 2010, after getting the green light from the ICO to delete the data.

Topics: Security, Google

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

6 comments
Log in or register to join the discussion
  • Of course it returned

    I agree that Google genuinely had no problem deleting the data it had collected, and wouldn't collect data again in the future.

    The thing is that Google probably wanted to mine the data they had, as they had it anyhow, why not see what it would provide. They probably just weren't done mining it yet.
    William Farrel
    • Yes, Will

      "The thing is that Google probably wanted to mine the data they had, as they had it anyhow, why not see what it would provide?"

      Er, because they promised they wouldn't and, more to the point, it was illegal.
      jgpmolloy
      • Then why did it appear again?

        they also promised to delete it, and yet it is here again.

        :|
        Tim Cook
  • A whistleblower probably caught them

    examining the mined data. They just hadn't finished alienating peoples rights to privacy before the delete data date.
    partman1969@...
  • Google snooping probe takes another twist

    Hey! Did you guys know that "Google snooping probe takes another twist" I think every ZDNet employee has posted this same headline! Yes they should have gotten rid of it they did not and will get a fine they will have to pay and that will be that. They should be fined to the point they will not do it ever again so we will not have to read about ever again!
    imsimsj
  • ...

    Take one mole hill, add dirt, make mountain.
    Scarface Claw