Two years ago it was discovered Google had been ‘accidentally’ gathering data from unprotected WiFi access points. For those not familiar with the issue, here is a quote from my earlier article on this topic explaining, in simple terms, what was going on:
In other words, if you have an unprotected/unencrypted Wi-Fi connection, Google’s Street View cars may have collected your private data, such as “parts of an email, text, photograph, or even the website someone may be viewing”. To add icing on the cake, this has been going on for three years.
At the time Google labeled this a mistake, promised to not use the data, segregate the data from its servers, and obviously delete it. It has now emerged Google still has some of the data it gathered.
According to a letter from Google Global Privacy Counsel Peter Fleisher to Head of Enforcement at UK’s Information Commissioner’s Office Steve Eckersley, Google admits that it still has a “small portion of payload data collected by our Street View vehicles in the UK”. You know, the data Google was supposed to delete in December 2010 as per its agreement with the Information Commissioner’s Office. Google issued an apology for the “error” in the above-mentioned letter and asked the ICO how it should proceed further.
According to the ICO,
“Google indicated that they wanted to delete the remaining data and asked for the ICO’s instructions on how to proceed. Our response, which has already been issued, makes clear that Google must supply the data to the ICO immediately, so that we can subject it to forensic analysis before deciding on the necessary course of action.”
Although the ICO notes the failure to delete this data is a breach of the agreement Google and ICO signed in November 2010, it isn’t entirely clear what will be Google’s punishment (if any) for failing to delete what it never should have collected in the first place. It also isn’t clear if Google still maintains data it gathered in other countries.