facebook rss twitter

Google faces fresh UK privacy probe

by Sarah Griffiths on 25 October 2010, 10:06

Tags: Google (NASDAQ:GOOG)

Quick Link: HEXUS.net/qa2os

Add to My Vault: x

Privacy pariah

Britain's privacy police will take a fresh look at whether Google's Street View cars nabbed private personal information from UK citizens' Wi-Fi networks.

Earlier this year, the Information Commissioner's Office (ICO) declared no ‘significant' details were collected as Google's Street View cars ‘accidently' gathered information from unencrypted Wi-Fi networks, the BBC reported.

However, Google has now admitted it had copied personal passwords and emails, although it promised a Canadian court it has halted Wi-Fi scanning via its Street View cars for good.

Alan Eustace, VP of engineering and research wrote on Google's blog: "We want to delete this data as soon as possible, and I would like to apologise again for the fact that we collected it in the first place."

He said Google is ‘mortified' that personal data has been collected, but stressed the search giant has set up ‘stronger privacy controls inside Google' to stop it ‘accidently' happening again.

Watchdogs in Canada, France and Germany among others have investigated what happened with Google's Street View, but seemed more concerned than the UK.

A spokesman for the ICO reportedly said it had closely watched the investigations abroad after its own probe wrapped up in July. It reportedly concluded that the information collected: "did not include meaningful personal details that could be linked to an identifiable person".

However Eustace said: "It's clear from those [external] inspections that while most of the data is fragmentary, in some instances entire e-mails and URLs were captured, as well as passwords."

Reacting to Google's admission of guilt, The ICO told the BBC: "We will be making enquires to see whether this information relates to the data inadvertently captured in the UK, before deciding on the necessary course of action, including a consideration of the need to use our enforcement powers."

Alma Whitten, Google's director of privacy told the broadcaster it will cooperate with the investigation to answer ‘further questions and concerns' and stressed that the data collected "has never been used in any Google product and was never intended to be used by Google in any way".

Google said it has appointed Whitten to oversee the development of effective privacy controls into its products and procedures. It will also boost training for engineers and product managers ‘with a focus on responsible collection, use and handling on data'.

Google will also roll out an ‘information security awareness programme' for all its employees from December and has also revamped its internal compliance.



HEXUS Forums :: 6 Comments

Login with Forum Account

Don't have an account? Register today!
“ …. and was never intended to be used by Google in any way”

Well, that's all right then. It doesn't matter that you snaffled up people's passwords and even emails. These things happen.

I can see it now ….

Thief : "I'm sorry officer, I didn't mean to rob the bank. It just happened accidentally."

Cop : "Well, that's all right then. Be more careful next time you're in a bank."
Saracen
Well, that's all right then. It doesn't matter that you snaffled up people's passwords and even emails. These things happen.

I can see it now ….

Thief : "I'm sorry officer, I didn't mean to rob the bank. It just happened accidentally."

Cop : "Well, that's all right then. Be more careful next time you're in a bank."

Thats a bad example! Google have at least got the various public bodies involved. What about all the companies that don't and you just haven't heard of it? Also you have got to be asking what the public think happens to their emails/passwords as they go across the internet in plain text - Criminals who will actually use the data for committing crimes can read it! In fact that is what scares me about the way this is reported. It makes it look as if google where doing something terrible advanced to get the data - I suspect I could get similar data using my mobile! The public need to realise their data is NOT safe unless they encrypt it!
It wasn't exactly an example - more like satire. But what the public do or don't realise is beside the point. The point is that Google have a statutory responsibility and this makes it appear they breached it. There are duties on people that collect and store personal information, and given the abuses (accidental or malicious) that have occurred in the past, so there should be.

My first question is why Google were collecting, and recording, this data in the first place, especially in relation to a project like Streetview? The second is why they're talking about deleting it now, and why that wasn't done immediately?

My ‘example’ was a bit facetious …. but only a bit. There are a number of offences that are “absolute”. If you commit those, it doesn't matter why you did, or what your intentions were - the mere fact that you did the act is enough. That's what I was getting at, albeit in a loose way. And Data Protection breaches are viewed as being, potentially at least, pretty serious. For instance, the recent Wikileaks scandal. Under UK data protection laws, Google could face a half million pound fine for this, in addition to the damage it dies to their credibility. And , having closed the investigation once, the Information Commissioner now seems to be re-opening it in the light of these apparent admissions about the nature and scale of data collected. That make me wonder what Google told the IC last time, and it makes me wonder just how much of an “investigation” the ICO did.
He said Google is ‘mortified' that personal data has been collected, but stressed the search giant has set up ‘stronger privacy controls inside Google' to stop it ‘accidently' happening again.

Given he is already mortified, we really shouldn't tell him about the other Google products with privacy concerns :D
Saracen
My first question is why Google were collecting, and recording, this data in the first place, especially in relation to a project like Streetview?

Well, I highly doubt it was a high-level decision - more likely the independent work of an engineer or two. This is one of the disadvantages of running a highly creative company where staff get a day off per week to work on their own projects. Running an organisation as big and powerful as Google, you have to make sure that that creativity doesn't end up deployed in inappropriate ways. But it's not like there was a grand Google conspiracy to snoop on people's Wi-Fi, co-ordinated by Eric Schmidt himself!

After all, Google has far easier ways to get the data it wants out of you.

The second is why they're talking about deleting it now, and why that wasn't done immediately?

If they'd tried to cover their tracks by erasing the data rather than allowing the appropriate bodies to see it, I imagine they'd be in even more trouble.

Under UK data protection laws, Google could face a half million pound fine for this

Have you seen how much money Google makes? Fining Google half a million is like fining me 50p!