Despite assurances to the contrary, Google told the UK’s Information Commissioner’s Office (ICO) today that it still has some of the WiFi payload data that it’s Street View cars collected in 2010. That data may include personal information such as usernames, passwords and email addresses that Google collected via unsecured WiFi networks.
Google’s collection of such data has sparked numerous governmental investigations around the world — some of which are still in progress.
Google had previously promised the UK government and public that it had deleted all of the data. But Google attorney Peter Fleischer wrote to the ICO to say that’s not the case.
Google has recently confirmed that it still has in its possession a small portion of payload data collected by our Street View vehicles in the UK. Google apologizes for this error.
In recent months, Google has been reviewing its handling of Street View disks and undertaking a comprehensive manual review of our Street View disk inventory. That review involves the physical inspection and re-scanning of thousands of disks. In conducting that review, we have determined that we continue to have payload data from the UK and other countries. We are in the process of notifying the relevant authorities in those countries.
The Telegraph reports that those countries are Ireland, France, Belgium, Netherlands, Norway, Sweden, Finland, Switzerland, Austria and Australia.
The danger to Google, as the Telegraph explains, is that governments are likely to want to review the data (again, in some cases), and that could open Google to future penalties.
The news means that Britain’s recently reopened investigation into the so-called WiFi snooping could be bolstered by an opportunity to re-examine evidence that the ICO had asked to be destroyed. The ICO has demanded to examine the data “immediately” to look for evidence that it is in fact more extensive than Google had originally claimed, as authorities in America had discovered for data collected there.
As the Street View/WiFi incident unfolded over the past couple years, Google consistently maintained that the data collection was an accident. But earlier this year, the company admitted that it was intentional, with an employee saying that code was written to capture consumer data because it “might prove useful for other Google services.”