Google Street View Cars Broke Canadian Privacy Laws
Canadian authorities have ruled that Google Street View committed a ‘serious violation’ of its privacy laws, but the company will not face prosecution
Google will not face prosecution in Canada over its infamous ‘WiSpy’ incident, despite having been found to have violated that country’s privacy laws.
Back in May, Google became embroiled in an ongoing privacy controversy after it admitted that its Street View cars had unwittingly collected more than 600GB of data from unsecured Wi-Fi networks around the world, provoking outrage from governments and privacy advocates.
Privacy Controversy
Google Street View was launched in May 2007 with the aim of enabling people to explore street-level imagery in five cities in the US. Since then the site has grown to include 360-degree panoramic views of towns and country roads in counties around the world. It was recently extended to cover all seven continents incorporating new images from Brazil, Ireland and Antarctica.
But the company is still facing ongoing investigations by Scotland Yard, the US Federal Trade Commission and European regulators.
However, in the UK the Information Commissioner’s Office (ICO) said that it had examined samples of the data collected by Google in July, and concluded that it was free of any “meaningful personal details”.
Canadian Ruling
But in Canada, the country’s privacy commissioner has ruled that Google did violate the privacy of thousands of Canadians when it inadvertently collected personal information about its citizens.
“Our investigation shows that Google did capture personal information – and, in some cases, highly sensitive personal information such as complete emails. This incident was a serious violation of Canadians’ privacy rights,” said Jennifer Stoddart, the Canadian privacy commissioner in her official ruling.
However the Privacy Commissioner’s investigation concluded that the incident was the result of an engineer’s careless error as well as a lack of controls to ensure that necessary procedures to protect privacy were followed.
“This incident was the result of a careless error – one that could easily have been avoided,” said Commissioner Stoddart. She recommended that Google ensure it has a governance model in place to comply with privacy laws, and also recommended that Google enhance privacy training to foster compliance amongst all employees.
She also recommended that Google delete the Canadian payload data it collected.
Campaigner Concerns
But the decision by the Canadian privacy commissioner not to press legal proceedings against Google has worried some privacy groups. UK-based Privacy International wrote on Tuesday to the commissioner [OPCC] expressing its concern.
“We are deeply concerned by the statement and have raised those concerns with the OPCC directly,” said Alexander Hanff, an adviser to Privacy International, speaking to the Guardian newspaper.
“They [the OPCC] have stated that this was the work of a lone engineer which is so implausible it beggars belief and could potentially have consequences which impact on ongoing cases elsewhere in the world,” he said. “Their lack of enforcement or legal action despite confirming Google broke the law, is worrying – we would have liked to see some real action off the back of such a conclusion.”
Not Out Of The Woods
The Street View cars meanwhile returned to British roads in August – minus their Wi-Fi antennas. Street View cars are also back in action in Ireland, Norway, South Africa and Sweden. But not all countries have welcomed Street View back with open arms. In September, for example, Czech data protection authorities rejected an application by Google to collect personal data for its mapping service.
“We have in place robust procedures to protect privacy,” a Google spokesperson told eWEEK Europe at the time. “We’ll continue to engage in constructive dialogue with the DPA to answer any other questions they have.”
Meanwhile, Google’s South Korean headquarters were raided in August by police looking for evidence of illegally stored data, seizing hard drives and related documents. The company also had to deny reports that it was experimenting with spy drones or UAVs, typically used by special forces or the police. The service is also being probed by Spanish authorities, following a complaint filed in June by private Internet watchdog Apedanica.