Google's fleet of Street View cars, the vehicles the company uses to create
its virtual mapping service, are being scrutinized by governments around the
globe for violating privacy laws. Back in May, Germany realized
the cars were scanning unsecured Wi-Fi networks and collecting private user
data. South Korea was
next, raiding Google headquarters in Seoul in August. Now, not to be
outdone, Canada and Spain have raised a stink over privacy too.
Today, America's hat concluded its investigation, finding that Google did
indeed violate privacy law. Google's Street View vehicles "inappropriately"
collected personal information that included emails, email addresses, usernames,
passwords, names, telephone numbers, street addresses--even very sensitive
information such as medical records.
On Monday, Spain's Data Protection Agency said its preparing to fine Google
over similar infractions. The agency said in a statement that the
company's data collection falls into five categories of violations, and that the
company could be penalized for two serious infractions and three very serious
infractions. The fine could be as high as €300,000 (US$417,000) for a serious
infraction, and double that if classified as a very serious infraction.
Google has said that the data collection was inadvertent, the result of a
programming error in a code developed in 2006 that gathered "payload data" from
publicly broadcast Wi-Fi networks. According to Canadian officials, the engineer
who created the code did identify "superficial privacy implications" at the
time. However, Google never assessed the issue because the engineer neglected to
forward the code design documents to the company's lawyer responsible for the
legal implications of the project. That "superficial" concern, in Germany, meant
that Google "accidentally" collected 600
gigabytes of data from unsecured networks.
"Our investigation shows that Google did capture personal information--and,
in some cases, highly sensitive personal information such as complete e-mails.
This incident was a serious violation of Canadians’ privacy rights,” says
Canada's Privacy Commissioner Jennifer Stoddart in a news release. “This
incident was the result of a careless error--one that could easily have been
Likely, thousands of people were affected by the incident, and the extent of
the damage has not been tallied, since Canadian experts only examined a small
sample of personal data for the investigation. Stoddart recommended increased
privacy compliance from Google, enhanced privacy training for employees, and
ordered that the data collected be deleted.
So again, Google gets off with nothing more than a slap on the wrist from
Germany, a potential fine from Spain, and a stern warning. How many more
countries will have to come forward with complaints before serious action is
And ultimately, what does this say about our privacy online in general? If so
much personal data is readily available on unencrypted or non-password protected
Wi-Fi networks, who else has been collecting your data beside Google?