Google has sent an explanatory letter to the UK's privacy watchdog after it emerged that the company had sniffed and logged the Wi-Fi addresses of citizens across the country.
The letter was sent to the Information Commissioner's Office (ICO) and other data protection authorities across Europe on Tuesday.
Last week, German data protection commissioner Peter Schaar expressed dismay at the news that Google's Street View cars had been registering Wi-Fi data from people's routers as the cars drove around taking photographs for Google Maps. The cars collected media access control (MAC) addresses and service set identifiers (SSIDs). Subsequently, Google said it was doing the same thing in the UK, prompting the ICO to seek an explanation.
"The data which we collect is used to provide location-based services within Google products and to users of the Geolocation API," Raphael Leiteritz, Google product manager, wrote in the letter. "For example, users of Google Maps for Mobile can turn on 'My Location' to identify their approximate location based on cell towers and Wi-Fi access points which are visible to their device."
The company said the Wi-Fi data could help provide location-based services to people whose phones do not have GPS, for example.
According to the letter, Google uses two pieces of the data collected during the driving operation: the MAC address of each access point and the GPS co-ordinates of the vehicle at the point at which the access point was visible.
When someone uses a location-based service based on Google's database, the company explained, the user's device "sends a request to the Google location server with a list of MAC addresses which are currently visible to the device". The server then correlates the addresses with those on its own list, returning latitude and longitude co-ordinates that are used to calculate the user's approximate location.
On Tuesday, Google privacy chief Peter Fleischer wrote a blog post suggesting that Google had "talked about the collection of Wi-Fi data a number of times before". In this phrase, he linked through to two earlier Google blogs, both of which referred to Google's geolocation services, but neither of which referred to Wi-Fi data.
"[Street View cars] collect the following information — photos, local Wi-Fi network data and 3-D building imagery," Fleischer wrote. "This information enables us to build new services and improve existing ones. Many other companies have been collecting data just like this for as long as, if not longer, than Google."
Fleischer said the geolocation firm Skyhook already collected Wi-Fi network data globally. He said collecting MAC addresses and SSIDs did not let Google identify an individual, and the company did not collect any information about householders.
Google did not inform data protection authorities of its Wi-Fi data collection programme, Fleischer said, because "it was unrelated to Street View" and such data was already "accessible to any Wi-Fi-enabled device". He added Google does not publicly disclose MAC addresses from its database.
In its explanatory letter to data protection authorities, Google stressed that it "never collects the content of any communications" from people's Wi-Fi transmissions. "In addition, the operator of the access point can choose to restrict the SSID from broadcast, and in many cases this will mean that the SSID is not received," the company wrote.