Not for the first time Google finds itself facing serious questions over potential breaches of data protection rules. In recent months, Google has been criticized heavily for launching a new privacy policy despite Europe-wide concerns that it was not compatible with EU privacy laws. The policy change allowed Google to collect private data from one of their services and share it with other platforms like YouTube and Gmail. Now, so soon after this, Google find themselves in the spotlight again over allegations that their Street View cars secretly collected data including website details, user names and passwords from unsecured Wi-Fi Networks in the UK.
These potential breaches of privacy rights were first brought to the public’s attention in May 2010 when the company was forced to admit that it had harvested data from Wi-Fi networks. Despite this admission no action was taken by the Information Commissioner’s Office (ICO) who were satisfied with Google’s assurances that their actions had been unintentional and their promises to bulk up their privacy policy and tighten controls.
Now, two years later, it has come to light that perhaps Google were not as innocent as they had previously claimed. Internal emails and documents released in a report by the U.S. Media regulator, the Federal Communication Commission (FCC), contradict Google’s claims that this was just a mistake. The report claims that a Google engineer had created special software that could “collect, store and review payload data for possible use in other Google projects”. This software was then used to collect data from unsecured Wi-Fi networks as the Street View cars passed through UK neighbourhoods.
Nearly a quarter of homes in the UK that do not have a password on their Wi-Fi connection could have had personal information taken by Google Street Cars without knowledge or permission. Given the extent of the potential data that could have been taken, Google have been let off lightly so far.
Similarities can be drawn with the phone hacking scandal that continues to engulf the front pages of our newspapers across Britain. Is taking personal details from an unsecure Wi-Fi network any different from a news reporter hacking the voicemail of an unsecured mobile phone? The real difference between these two cases is the cavalier approach that still exists with regards to accessing personal data. Unfortunately, in the UK and across Europe regulation is slow to develop in this area. Technology is developing so fast that often legislators fail to keep up.
The EU is making efforts towards improving legislation in this area with the current Data Regulation and Data Directive that are going through the European Parliaments Civil Liberties, Justice and Home Affairs Committee. This will be the first international legislation in the area of the internet and data privacy – a hugely sensitive but critically important area for legislators to understand and get right for the future. Data protection authorities are also currently carrying out investigations on the Google privacy policies, though they report that Google is providing vague and incomplete information.
Google’s actions may amount to a serious breach of data protection rules. Allegations that they may have had knowledge of their actions are extremely serious. Given the extent of the data that was taken we should, at the very least, launch a UK inquiry. Not only could this improve Google’s privacy policies but it would also send a powerful message to other companies that we are serious about protecting our citizen’s right to privacy. No one should have the right to take UK citizen’s private data without their full knowledge and consent.
Claude Moraes is a Labour MEP for London
More from LabourList
Compass’ Neal Lawson claims 17-month probe found him ‘not guilty’ over tweet
John Prescott’s forgotten legacy, from the climate to the devolution agenda
John Prescott: Updates on latest tributes as PM and Blair praise ‘true Labour giant’