ICO revives probe into Google's data harvesting

The UK privacy watchdog has said it will re-examine the data Street View cars gathered from people's Wi-Fi networks after Google admitted it had collected emails, passwords and other details
Written by Tom Espiner, Contributor on

The UK's privacy watchdog has said it will re-examine the data gathered by Google's Street View cars after the search and advertising giant admitted that it had collected passwords and emails from unsecured Wi-Fi networks around the world.

Google said in a blog post on Friday that it had collected details of people's passwords, the websites they had visited and whole emails during its interception of unencrypted Wi-Fi data from Street View cars.

"It's clear from... inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords," wrote Google's senior vice president of engineering and research Alan Eustace in the post.

On Monday, the Information Commissioner's Office (ICO) said that it was going to take another look at the UK data collected by Google. In July, the privacy authority found that the Wi-Fi data collected by Google in the UK was not significant, after examining samples provided by the company.

"Whilst the information we saw [in July] did not include meaningful personal details that could be linked to an identifiable person, we have continued to liaise with, and await the findings of, the investigations carried out by our international counterparts,‬" the ICO said in a statement. "Now that these findings are starting to emerge, we understand that Google has accepted that in some instances entire URLs and emails have been captured.

"We will be making enquires to see whether this information relates to the data inadvertently captured in the UK, before deciding on the necessary course of action, including a consideration of the need to use our enforcement powers,"‬ the ICO added.

Those enforcement powers would allow the ICO to refer Google to parliament if it was found to have broken UK data-protection law, a spokesman for the privacy authority told ZDNet UK. However, it would not be able to impose a fine of up to £500,000, as that sanction was granted to the ICO after its Google investigation began, he added.

Deputy information commissioner David Smith will now review data collected by Google, but the ICO has not decided whether it will call for new samples or whether it will re-examine the data supplied in July. However, the July data was fragmentary, according to the office's spokesman. The data-protection authority could potentially review all of the UK data held by the company, depending on the outcome of similar investigations being carried out by the ICO's counterparts around the world.

A number of countries have investigated Google over its Street View data collection. French data-protection authorities said in June that the company had collected passwords and fragments of emails, and Canada ruled in October that it had violated Canadian law. Seven countries have now concluded their investigations, according to Google.

Google regrets having collected passwords and emails, the company's director of privacy Alma Whitten reiterated in a statement on Monday.

"We are profoundly sorry for having mistakenly collected payload data from unencrypted networks," said Whitten. "As soon as we realised what had happened, we stopped collecting all Wi-Fi data from our Street View cars and immediately informed the authorities. This data has never been used in any Google product and was never intended to be used by Google in any way."

Editorial standards