Google is back under the watchful eyes of the U.K. data protection agency, the Information Commissioner's Office (ICO), following an FCC report claiming Google was aware of an engineer's code that collected more data than perhaps was necessary.
You'd probably think the engineers were wondering why the hard drives in the cars needed changing more often than the cars themselves needed refueling.
Now so are the U.K. data authorities.
The ICO's head of enforcement Steve Eckersley sent a sternly-written letter [PDF] to Google senior vice-president Alan Eustace demanding "prompt" answers to a list of seven questions explaining why the street-level mapping Google cars were able to collect so much data.
Google said during the first investigation that the data collection was a "simple mistake". But ho
The ICO wants to know "precisely what type of data and sensitive personal data was captured within the payload data collected in the U.K." It also wants to know when Google management became aware of the issue, and why the data scope found by the FCC investigation was not disclosed to the ICO when it visited in July 2010.
Interestingly, the ICO also wants to see "copies of the original software design document" and any "subsequent version control". This is the ICO looking to see whether a data trail leads back to Google building the software to collect the data by design or not.
The letter went on, claiming Google had collected "some sensitive data" including "complete email messages, email headings, instant messages and their content, logging-in credentials, medical listings and legal infractions, information in relation to online dating and visits to pornographic sites and data contained in video and audio files".
Not only could Google see which porn sites you were visiting, it could likely see the porn itself.
The ICO, following a U.S. investigation, thought the matter was over and done with, and dropped an investigation after Google said it had "mistakenly collected" data from unencrypted wireless networks. It believed "sensitive personal data had not been captured nor was there detriment to individuals," and no fines were issued.
And then other data protection agencies stepped in, saw things differently, and Google was given a thorough slap on the wrist.
However, U.K. wiretap laws --- or its "surveillance" laws, I'm not splitting hairs --- may have been violated, which could lead to a police investigation into the matter. At the very least, the U.K.'s data protection laws may have been broken.
The ICO can impose an unlimited fine if a legal case reaches a higher Crown Court for serious offenses.
A Google spokesperson told the BBC it was "happy to answer the ICO's questions," but claimed the regulator "never even looked at" the payload data, despite Eckersley claiming it was "viewed".
The ICO said there will be a "formal follow-up process within the next couple of months" to ensure its recommendations have been put in place. "All personal data unlawfully collected by Google has been destroyed," a spokesperson said.