Data Security: UK ICO Is Reopening Its Google Street View Case.

Well, it was just a matter of time: the UK’s Information Commissioner’s Office is reportedly reviewing its “Google WiSpy case,” the same case that was dismissed with a slap on the corporate titan’s wrist.  Not once, but twice.

A brief summary of what happened to date: Google was caught collecting vast amount of data as its Street View vehicles roamed the streets, including passwords, emails, and other personal data.  In Google’s defense, it was only collecting information that was being sent over the airwaves that was not protected with data encryption (had it actively engaged in trying to collect and crack encrypted data, Google would certainly be singing the same tune in each country — the sad one).

ICO Takes a Second Look

Unlike other countries (such as Australia, France, Germany, South Korea, etc.  Perhaps I should state “unlike most countries”), the UK’s ICO did not find any breaches of the country’s data protection laws.  A further review — after much public ballyhooing — resulted in the ICO stating that it will not look further into the case.  Fast-forward to last month: the US’s FCC found that Google had misled the FCC’s investigators and that there was nothing accidental about collecting the data.

This has prompted the ICO to reopen its Google case.  The site notes the ICO sent an angry letter to Google:

the ICO’s head of enforcement Steve Eckersley has sent a letter to the tech firm, saying it “seems likely that such information was deliberately captured during the GSV operations conducted in the UK.”

“However, during the course of our investigation we were specifically told by Google that it was a simple mistake and if the data was collected deliberately then it is clear that this is a different situation than was reported to us in April 2010,” Eckersley wrote.

The ICO is after an explanation from the tech giant as to why it was not told the additional data was gobbled up by Google’s cars during the watchdog’s initial investigation in 2010.

Regardless of what the ICO may conclude in this second round of investigations, I doubt that Google will see an escalation in its penalties.  The reason?  The Spy-Fi incident took place in 2010, well before the ICO had obtained the right to hand out monetary penalties.

The Swiss are Doing Something of Interest

In an article related to the above proceedings, The Register (at notes that the Swiss Federal Supreme Court has come down hard on Google’s Street View project, and that the UK’s ICO could make note of it, seeing how both countries’ laws are a response to the EU data protection directive (Directive 95/45/EC).

According to the judgment, the court has found that foreign companies are subject to Swiss law if there is a close link to the alpine country, and thus Google is subject to supervision by the Federal Data Protection and Information Commissioner (FDPIC).

Furthermore, it has found that:

  • Google’s Street View service does process personal data.  The insinuation is, I take it, that, unlike the US, just because you’re taking pictures from an open, public space (i.e., the road) doesn’t mean that everything is fair game.

  • Thus, Google Street View “violates a person’s right to his or her own image and privacy” if adequate blurring is not used.

  • Google must render “entirely anonymous prior to publication on the internet” the images of sensitive facilities especially “women’s refuges, nursing homes, prisons, schools, courts and hospitals.”

  • “In addition to faces, other identifying characteristics such as skin colour, clothing, aids of physically disabled persons etc. should no longer be identifiable”

  • Google’s Street View vehicles use elevated cameras that could view “into private areas such as enclosed yards and gardens…states that images of private areas not open to view to an ordinary passer-by are not to be published without the consent of the persons concerned.”

  • Google must “provide at least a week’s advance notice of where it plans to record images, and announce a week before publication the localities that are going to be published online. This information must not only be published on the internet, but also appear in the local media.” (my emphasis)

  • The maximum error rate regarding the blurring of faces cannot be higher than 1%.

Dang.  The Swiss are very strict and exacting.  But that’s not news, is it?  It’s the reason why their chocolates are delicious, why their watches so precise, and why their soldiers are so colorful yet so deadly.

Related Articles and Sites:

Comments (0)

Let us know what you think