Google said Friday that an audit showed that it was collecting Wi-Fi data, including sites consumers visited, from its Street View cars that compile data for Google Maps and other services.
In a blog post, Google said that the data protection authority (DPA) in Hamburg, Germany asked for the audit. Since the request, Google looked at all the data it was collecting. Google initially said that it collected public SSID data and MAC addresses but didn't grab information sent over a network. However, Google realized it was collecting payload data even though it never used it in a product.
Usually, Google only got fragments of payload data---sites you visit and other items---because Street View cars were on the move.
Add it up and it's a big mistake:
In 2006 an engineer working on an experimental Wi-Fi project wrote a piece of code that sampled all categories of publicly broadcast Wi-Fi data. A year later, when our mobile team started a project to collect basic Wi-Fi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software—although the project leaders did not want, and had no intention of using, payload data.
As soon as we became aware of this problem, we grounded our Street View cars and segregated the data on our network, which we then disconnected to make it inaccessible. We want to delete this data as soon as possible, and are currently reaching out to regulators in the relevant countries about how to quickly dispose of it.