ICO re-opens Google Street View probe in the UK

An earlier report from the FCC published in April 2012 effectively cleared Google of ‘wiretapping’ in the US. “Based on careful review of the existing record and applicable law, the bureau will not take enforcement action,” concluded the report.

However, the report notes that a ‘rogue engineer’ intentionally included code designed to capture payload data, and that this engineer told two other engineers, including a senior manager, that he was indeed collecting payload data. The rogue engineer invoked the 5th Amendment and declined to speak to the FCC. The end result was that the FCC fined Google the rather paltry sum of $25,000 for obstructing its investigation, but concluded that Street View had broken no laws.

However, it is this unanswered question about the actual extent of Google’s knowledge about the collection of payload data that has now led the ICO to write to Google for more information. In 2010 it had earlier “concluded that sensitive personal data had not been captured, nor was there detriment to individuals.” The problem for both Google and the ICO now is that in exonerating Google from law-breaking in the US, the FCC report demonstrates that the UK conclusion had been based on a questionable premise: that Google managers actually knew nothing about the data collection, that it had not been collected intentionally, and that it had never been analyzed.

Now the ICO has made a new seven point demand for further information from Google. It wants to know exactly what data was collected, when Google managers became aware of the issue and what they did about it, and why personal data was not included in the sample of data provided by Google in the ICO’s earlier investigation. It also wants copies of the original software design document, and concludes with a request for a prompt response and “copies of the certificate of destruction relating to the captured payload data.”

Response to this news in the UK has been varied, with privacy campaigners taking a rather different view to lawyers. Nick Pickles, director of civil liberties campaign group Big Brother Watch, said, “the ICO must now take every step to get to the bottom of just how many British people’s privacy was trampled on by Google. It is also essential that Google explain why the explanation it gave in 2010 and the data prepared for the ICO deliberately concealed what had really happened.” Pickles also criticises the ICO, and adds, “The investigation must now be pursued with the vigor sadly lacking in 2010...”

However, in a prescient blog published the day before the ICO’s letter to Google, lawyers at Amberhawk Training Ltd said that the FCC report and a more recent Swiss judgement on the same issue would change things for the ICO. “The Swiss Federal Supreme Court (Bundesgericht), the highest Swiss court, said that Street View was mostly compliant with Swiss data protection law and can continue to operate,” explain other lawyers from Pinsent Mason. The Swiss judgement merely asks for more efficient data protection in the Street View process.

“For the ICO, the FCC findings are an embarrassment,” says Amberhawk. However, it goes on to comment, “Assuming that Google has deleted the personal data (under ICO instructions) it is rather difficult for the ICO to now turn the clock back or indeed prove anything. However, I think the Federal Swiss Court decision gives the ICO an ‘out’ (if he needs one); all he does is get Google to implement something similar the Court’s conclusions in the UK.”

 

What’s Hot on Infosecurity Magazine?