The Information Commissioner's Office (ICO) has said it is going to re-investigate the Google Street View controversy.
Earlier this year, Google was forced to apologise for collecting samples of payload data from open (i.e. non-password-protected) WiFi networks while photographing for its Street View feature. At the time, it said that no significant personal details were collected but has since admitted that emails and passwords were copied.
Alan Eustace, senior VP of engineering and research at Google, said that in the original admission about Street View no one inside Google had analysed the data it had collected, so did not know for sure what the disks contained.
He said: “Since then a number of external regulators have inspected the data as part of their investigations (seven of which have now been concluded). It's clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords.
“We want to delete this data as soon as possible, and I would like to apologise again for the fact that we collected it in the first place. We are mortified by what happened, but confident that these changes to our processes and structure will significantly improve our internal privacy and security practices for the benefit of all our users.”
In July, the ICO issued a statement that said that it had visited Google's premises to assess samples of the ‘pay-load' data and said that it was ‘satisfied so far that it is unlikely that Google will have captured significant amounts of personal data'.
However, a statement issued by the ICO this weekend said that it has continued to liaise with Google and will await the findings of the investigations carried out by its international counterparts.
An ICO spokesperson said: “Now that these findings are starting to emerge, we understand that Google has accepted that in some instances entire URLs and emails have been captured. We will be making enquires to see whether this information relates to the data inadvertently captured in the UK, before deciding on the necessary course of action, including a consideration of the need to use our enforcement powers.”
Stewart Room, partner in the privacy and information group at Field Fisher Waterhouse, claimed that the difficulty that the ICO faces is that it acquitted Google of breaches of the Data Protection Act back in July. He asked if the ICO investigation was thorough enough.
He said: “The commissioner has to ask a critical question of Google: why wasn't it apparent in May 2010 that the cars had gathered full emails, URLs and passwords? Precisely what changed between May and October 2010?
“Eustace says that he was mortified to learn the true facts. Perhaps the commissioner is feeling the same way, because there will be plenty of people saying ‘told you so', who will assert that the commissioner did not do a good enough job at the very beginning.
“The only way this new investigation can end well for Google is if it is proved that the UK cars did not collect more detailed personal data than the types shown to the commissioner first time round. If that's the position, the commissioner might feel comfortable sticking with his original position. However, if the alternative is true, ICO will be under tremendous pressure to take enforcement action; in these circumstances parts of the pro-privacy lobby will call for a fine I imagine.”
Update: When asked on the CNN talk show Parker Spitzer about ‘the creepiness of Google Street View's camera drive-bys', Google CEO Eric Schmidt said: “We drive exactly once. So you could just move, right?”