Friday, November 19, 2010

Google's wi-fi data to be deleted

The UK's information commissioner has said that wi-fi data accidentally collected by Google's Street View cars will be deleted "as soon as possible".

Deputy information commissioner David Smith told the BBC that there would be no further enquiries into the matter.

He said there was no indication that any information collected "had fallen into the wrong hands".

It will not appease critics who called for the search giant to be fined.

There were no grounds for fining Google, Mr Smith told the BBC.

"We'd have had to find that there was substantial damage or distress to individuals from the collection of snippets of e-mails, URLs and passwords. We'd have to meet that criteria for a penalty to be imposed," he said.

Google admitted earlier this year that it had accidentally collected information from unsecured wireless networks around the world.

The incident came to light during a routine audit by the Hamburg data authority.

It led to dozens of enquiries with some - notably the Canadian data commissioner - offering detailed findings about the nature of the breaches.

The Canadian investigation found that Google captured personal information, including a list of names of people suffering from certain medical conditions.

Canadian privacy commissioner Jennifer Stoddart said thousands of Canadians had been affected.

The findings led her to conclude that the search giant "seriously violated" its privacy laws.

More training

Mr Smith admitted that the UK had conducted a much more basic investigation.

"We spent less time searching than others did. If we had searched for days and days we would have found more," Mr Smith said.

Following this audit, the ICO ruled that "no significant breach" had occurred.

But following publication of the Canadian data commissioner's findings, the ICO changed this to a "significant breach".

Mr Smith said that the ICO had intended all along to base its final judgement on the findings of its counterparts.

"It is not a good use of the data protection authority to duplicate more in-depth enquiries," he said.

"We have based our decision on the findings of other data authorities. It was exactly the same type of information found by them," he said.

Mr Smith revealed that the ICO is only able to audit companies that have given prior permission for such an investigation.

Jim Killock, executive director of digital advocacy The Open Rights Group, thinks this is a "shocking state of affairs".

"The ICO needs more powers and definitely needs more technical expertise," he said.

"To my mind people's privacy has been breached and they should be told about it. The ICO has a duty to let people know what has happened," he said.

Mr Killock believes that Google's data breach is more akin to unlawful interception, similar to opening someone's post without permission.

The UK currently has no public body to investigate interception breaches, a gap that that led the European Commission to launch legal action against it.

The Home Office is currently consulting on how to make sure it complies with European legislation on the interception of communications.

Following the ICO's ruling, Google has promised to offer privacy training to its staff.

Other data bodies and groups around the world are still investigating its capture of wi-fi data.

Mr Killock is hopeful there will be harsher punishments for Google down the line.

"I should hope it would be fined," he said.



Powered by WizardRSS | Full Text RSS Feeds

0 comments: