news

UK: Google Wi-Fi collection violated data protection laws

The latest development marks a change in position for the Information Commissioner's Office (ICO), which said earlier this year that Google only appeared to have breached data protection requirements. It declined to take further action after Google agreed to delete the data. Google said in May that it had collected information on unencrypted Wi-Fi routers, including fragments of data transmitted by those routers. The purpose of the data collection -- which occurred as its Street View imagery vehicles were cruising streets in many countries -- was to improve a geo-location database for location-based mobile applications. Google denied the data could be traced back to an individual. But the company said on Oct. 22 that an examination of the data by seven external regulators have now shown that in some instances entire e-mails and URLs were collected along with some passwords. Earlier this year officials from the ICO who viewed a sample of the collected data apparently missed the fact that some of it could be traced back to specific people. They concluded "that the data as fragmentary and was unlikely to constitute personal data" and declined to take further action. ICO officials looked at parts of the data that was provided by Google and also did their own random sampling, but did not find information that constituted personal data, according to an ICO spokesman. It is not known which regulatory agency in the 30 countries examining the Street View data discovered the full e-mails and passwords, although it should eventually be revealed, the ICO spokesman said. The ICO declined to impose a fine, saying that the majority of the data was collected by Google prior to April 6, the day the agency gained the power to fine organizations that break the Data Protection Act of 1998 up to £500,000 (US$800,000).
back to all news