The British Information Commissioner’s Office has not explicitly and unambiguously called Google a bunch of liars. And that’s about where the good news ends for Google this week.
The ICO, which oversees the United Kingdom’s data protection laws, had previously cleared Google of any wrongdoing in its Street View data collection. Now it’s formally reopened the investigation, questioning whether it got the whole story.
For those who’ve somehow missed it, the short version of the case is that the Google vehicles that take pictures for Street View maps around the world were also scanning for Wi-Fi networks, officially to use them as reference points for location services. In reality, Google was actually sucking up huge amounts of wireless data, including snippets of e-mails and personal details where people hadn’t encrypted their connection.
The ICO, as with several similar organizations around the world, looked into the issue and accepted Google’s story that a rogue engineer had added the data collection function at an early stage and never removed it nor told anyone it was there. The ICO concluded that while Google had been sloppy, it hadn’t acted illegally.
The Federal Communications Commission came to similar conclusions, though it did issue a token fine for Google failing to provide requested information on time. However, the FCC’s full report did reveal that the Google story didn’t fully hold up: the “rogue engineer” had explicitly e-mailed colleagues noting “We are logging user traffic along with sufficient data to precisely triangulate their position at a given time, along with information about what they were doing… [this data could be] analysed off line for use in other initiatives.”
The ICO noticed this in the report and has now written to Google, saying ” During the course of our investigation, we were specifically told by Google that it was a simple mistake, and if the data was collected deliberately, then it is clear that this is a different situation than was reported to us in April 2010.”
It’s now reopened the probe and is demanding Google not only tell it exactly what data it collected in the UK, but also the precise timetable of what Google managers knew when, and what they did to limit further data being collected. It also wants a copy of all the design documents from the relevant software. Finally, the ICO wants a full explanation of why Google didn’t come clean during the original investigation.
Google says it will respond to the request. It’s sticking to its line that “project leaders” didn’t ask for, use or see the data — though it notably doesn’t deny they were aware it had been collected.