Google: we failed to delete all Streetview data

'Human error' prevented Google from deleting all the data it collected from Streetview snooping, the search giant has admitted.

Despite repeated assurances in public and to the Information Commissioner, Google has admitted that it did not in fact delete all the data, which could include passwords and emails, collected over open WiFi networks by its Streetview mapping cars in 2010 in a number of countries around the world.
The news means that Britain’s recently reopened investigation into the so-called WiFi snooping could be bolstered by an opportunity to re-examine evidence that the ICO had asked to be destroyed. The ICO has demanded to examine the data “immediately” to look for evidence that it is in fact more extensive than Google had originally claimed, as authorities in America had discovered for data collected there.
Other countries affected are Ireland, France, Belgium, Netherlands, Norway, Sweden, Finland, Switzerland, Austria and Australia
A spokesman for the ICO said “The ICO has always been clear that this should never have happened in the first place and the company’s failure to secure its deletion as promised is cause for concern.”
Google has always maintained that the collection was unitentional, although it has admitted since the original investigation that managers knew about the junior engineer's code that allowed it to happen. The data has never been used commercially. Although the ICO originally found that the collection was illegal and forced Google to change its policies and practices, no major penalties have ever been imposed. As the ICO asked for the evidence to be deleted, it had been thought that further prosecutions were unlikely.
Peter Fleisher, Google’s Global Privacy Counsel, wrote to Steve Eckersley, the head of enforcement at the ICO this morning, saying “Google has recently confirmed that it still has in its possession a small portion of payload data collected by our Street View vehicles in the UK. Google apologizes for this error.”
He adds that “In recent months, Google has been reviewing its handling of Street View disks and undertaking a comprehensive manual review of our Street View disk inventory. That review involves the physical inspection and re-scanning of thousands of disks. In conducting that review, we have determined that we continue to have payload data from the UK and other countries. We are in the process of notifying the relevant authorities in those countries.”
Mr Fleischer says that Google would like to delete the data, which it has identified but never accessed and has never used for commercial purposes, but will work with the ICO. “Google would now like to delete the remaining UK data, but would like your instructions on how to proceed,” he writes. “We are prepared to arrange for you to review this data, or to destroy it. Google remains committed to working with the ICO on this matter.”
In a statement, the ICO said, “Earlier today Google contacted the ICO to confirm that it still had in its possession some of the payload data collected by its Street View vehicles prior to May 2010. This data was supposed to have been deleted in December 2010. The fact that some of this information still exists appears to breach the undertaking to the ICO signed by Google in November 2010. In their letter to the ICO today, Google indicated that they wanted to delete the remaining data and asked for the ICO’s instructions on how to proceed. Our response, which has already been issued, makes clear that Google must supply the data to the ICO immediately, so that we can subject it to forensic analysis before deciding on the necessary course of action.”
The ICO added that it is in touch with other data protection authorities in the EU and elsewhere through the Article 29 Working Party and the GPEN network to coordinate the response.


Post a Comment

Grace A Comment!