European Racket Over Street View Privacy Spawns Probes
May 19, 2010 12:06 PM PT
European privacy advocates are scaling up their scrutiny on Google regarding its Street View cars' collection of data from unencrypted WiFi networks.
German prosecutors and the Czech data protection agency have launched separate investigations into the issue; Italy's privacy regulator is looking into whether Google treated the data correctly; and the European Union's Justice Commissioner has waded into the fray.
Meanwhile, Google CEO Eric Schmidt reportedly said the company plays hardball with governments on privacy issues.
Prosecutors in Hamburg, where Google has its German headquarters, are reportedly following up on a complaint against unnamed Google workers over the unauthorized interception of data.
Their examination, which will determine if the allegations warrant a full-blown investigation, could take up to two weeks.
Meanwhile, Czech Republic's data protection agency, known as "UOOU," has also reportedly launched an administrative investigation into Google's WiFi data collection.
Over in Italy, the country's privacy regulator has said it would verify whether or not Google treated the data acquired by Street View correctly.
Privacy authorities in the United Kingdom have ordered Google to destroy WiFi data its Street View cars captured in the country. A similar request by privacy authorities in the Irish Republic had Google destroy data captured from citizens of that nation.
The European Union has also stepped into the fracas -- EU Justice Commissioner Viviane Reding reportedly criticized Google for not following the EU's rules.
Google has acknowledged that devices inside some of its Street View cars -- cars fitted with large cameras and tasked with driving around cities to collect images for Google Street View -- picked up and recorded some of the traffic moving on various unprotected WiFi networks they encountered. Google said the action was a mistake and maintains it's deleted the data it picked up.
The outcry in Europe regarding this revelation so far contrasts with the generally mild reaction among U.S. officials.
"The European Union has a much more protective view of individual privacy and a person's right to be free from having data collected without their express consent," Jeremy D. Mishkin, partner and chair of the litigation department at Montgomery, McCracken, Walker & Rhoads, told TechNewsWorld. "It's almost always a surprise for a U.S.-based company to learn about all the additional restrictions on what they may do with EU customers' information gathered online."
That's because privacy is not as regulated in the U.S. -- there is no constitutional expectation of privacy -- as it is in Europe.
"Article 8 of the European Convention of Human Rights provides a right to respect for one's private and family life, home and correspondence," pointed out Carl Howe, director anywhere research at the Yankee Group.
"The European Union has a fairly broad and protective stance legally on privacy," Howe told TechNewsWorld. "For example, you're not allowed to pass somebody's personal information on to anyone else without their consent. You even have to ask permission for something as simple as registration forms on the Web if there's any danger that the information people fill in will pass out of your control."
Google's Stance on Data
Google has had mixed reactions to European anger over its collection of data. On the one hand, Alan Eustace, its senior vice president of engineering and research, has apologized profusely in the Google blog, stating the data was collected by mistake.
Google said it has already deleted data about users in the Irish Republic at that government's request, and provided a link to a statement by iSEC Partners about the deletion as proof.
However, Google CEO Eric Schmidt said at a conference outside London on Tuesday that the company negotiates hard with governments on privacy issues, Bloomberg reported. He also claimed that Google has the most "privacy-centric" policy, though he did not elaborate.
"We are continuing discussions with relevant authorities," Google spokesperson Christine Chen told TechNewsWorld.
Perhaps cultural differences constitute the crux of the problem.
"The Europeans think we're crazy for being so lax about privacy, and we see them as crazy because they get all upset over privacy issues," the Yankee Group's Howe said.
Wrong? What Wrong?
It bears mention that while Google's Street View cars did pull in data from networks owned by private users, they did not forcibly break into encrypted networks. They were wireless signals broadcast unprotected onto public roadways with no attempt made to block unauthorized users.
Looking in on such networks is similar to a passerby on a public sidewalk looking into a window that has its blinds rolled up, explained Mishkin.
"If you want privacy, you pull down the shade; if you leave your WiFi network unencrypted, you're effectively leaving the shade open," Mishkin said.
Where Google went wrong was in initially issuing misleading statements about the data collection, Mishkin contended. After first claiming that its Street View cars do not collect such information, Google admitted that so-called payload data -- information sent over unprotected WiFi networks -- was "mistakenly" collected.
"They promised they were not collecting it and it turns out they were," Mishkin remarked. "They are doing something wrong because they're doing what they said they wouldn't."