Wednesday, November 3, 2010

UK Information Commissioner's Office Changes Opinion On Google Street View WIFi Data Collection Violation

"There was a "significant breach" of the Data Protection Act when Google collected personal data via its Street View cars, the UK's Information Commissioner has ruled.

But Google will not face a fine or any punishment, Christopher Graham added.

Instead, the Information Commissioner's Office (ICO) will audit Google's data protection practices.

The move marks a U-turn for the ICO which originally ruled that no data breach had occurred.

Last week the ICO vowed to look again at the evidence, after the Canadian data agency found the search giant in breach of its law."

BBC - Google in 'significant breach' of UK data laws


"Google said in May that it had collected information on unencrypted Wi-Fi routers, including fragments of data transmitted by those routers. The purpose of the data collection -- which occurred as its Street View imagery vehicles were cruising streets in many countries -- was to improve a geo-location database for location-based mobile applications.

Google denied the data could be traced back to an individual. But the company said on Oct. 22 that an examination of the data by seven external regulators have now shown that in some instances entire e-mails and URLs were collected along with some passwords.

Earlier this year officials from the ICO who viewed a sample of the collected data apparently missed the fact that some of it could be traced back to specific people. They concluded "that the data as fragmentary and was unlikely to constitute personal data" and declined to take further action.

ICO officials looked at parts of the data that was provided by Google and also did their own random sampling, but did not find information that constituted personal data, according to an ICO spokesman.

It is not known which regulatory agency in the 30 countries examining the Street View data discovered the full e-mails and passwords, although it should eventually be revealed, the ICO spokesman said.

To satisfy the ICO, Google will be subject to an audit within nine months by the ICO and must sign a document saying they will face further action unless the company takes steps to ensure data is protected."

PC World - UK: Google Wi-Fi Collection Violated Data Protection Laws


I am proud of the UK ICO for being prepared to change its ruling in the light of new evidence. I am interested in the international coordination and communication amongst various privacy office's around the globe. I was at a privacy and records management conference and one of the speakers was Jennifer Stoddart, the Privacy Commissioner of Canada. She said that there was substantial cooperation between countries and between jurisdictions.

From subtext that I interpreted in the comments made by all off the Canadian privacy commissioners that were in attendance at the conference (I think there were 6 in total federal and provincial), my opinion is that a lot of the cooperation is borne of necessity. None of the privacy commissioners have enough budget to do their jobs, and without relying on other offices for expertise, assistance, and information sharing would be fighting quite a losing battle. It is my opinion that the commissioners are all in fact unable to truly do their jobs at their current resource level.

Jennifer Stoddart also made it clear that the various national privacy commissioners were acutely aware of the interjurisdictional nature of the internet and blobal media, and that additionally pushed them toward coordinated action and information sharing. There was some discussion of how very large and rich global corporations could easily thwart a single national jurisdiction.


Picture credit: Pulse2 - Google Street View Cars Grabbed E-Mail and Passwords

No comments:

Post a Comment