GOOGLE destroyed confidential information collected by its British fleet of Street View cars after the government’s privacy watchdog spent less than three hours examining a small sample of the data.
Phil Jones, the former assistant commissioner of the Information Commissioner’s Office (ICO), which was set up to safeguard individuals’ right to privacy, said it had not wanted to spend money on hiring a computer expert to do a full analysis of the material.
In France, Holland, Germany and Canada, where investigating authorities ordered Google to preserve the data until it could be properly examined, huge violations of privacy have since been uncovered.
By contrast, Jones and his colleague David Evans, the ICO’s strategic liaison group manager, were shown only a “tiny proportion” of the material by staff at Google’s London headquarters during a 2-hour visit in July 2010.
Privacy campaigners believe the haste with which the ICO allowed Google to destroy the information has denied victims the right to seek justice.
Advertisement
The revelation will heap further pressure on the ICO, which already stands accused of an ineffective investigation into the Street View data scandal and allowing potentially crucial evidence to be wiped.
The visit by the ICO to Google took place two months after the computer giant admitted that its Street View cars, supposedly designed to photograph every road in 30 countries, had been siphoning private information from homes with unsecured wi-fi internet connections. Google insists that it never intended to collect such information.
Jones admits that neither he nor Evans had the technical expertise required to analyse the “payload data” from the cars. Yet on the basis of their findings, Google not only escaped a fine but was allowed to destroy the information.
“The ICO didn’t have anyone with the necessary level of computer expertise at the time and it would have cost many thousands of pounds to hire an outside contractor to go through all the data,” Jones said.
“All regulators have to deal with limited resources, and in this case we had to take account of the fact that there appeared to be no evidence Google was going to use this data or that any individual was at risk because of it.”
Advertisement
Jones said he was only able to see “snippets” of identifiable information among the data samples he was shown by Google. Yet trawls of raw data in other countries uncovered confidential data, including emailed correspondence about an extramarital affair, passwords, banking transactions, a psychological report on a child and documents from a health clinic.
Emails released under the Freedom of Information Act show Google even had to delay its deletion of British data because it had to extract it from discs containing information from other countries that had made “preservation requests” to safeguard evidence for investigations.
In America, the Federal Communications Commission revealed last month that gstumbler, the software used by Street View, had been specifically designed to gather personal data.
Last week The Sunday Times revealed that Marius Milner, the British developer of gstumbler, had warned colleagues about the potential privacy implications of his software.
At the time, the Street View cars were digitally sweeping Britain’s roads collecting data. It is estimated that a quarter of households did not have a password on their wi-fi networks, putting potential victims in the millions.
Advertisement
The ICO is now considering whether to reopen its investigation. But privacy campaigners believe that the deletions in late 2010 make such a move pointless.
Nick Pickles, director of Big Brother Watch, said: “British citizens are unlikely to know how their privacy was intruded upon or have any meaningful redress. It is remarkable that when regulators around the world were doing their best to secure all the data Google had captured, the ICO was trying to wash its hands of the whole episode by urging Google to delete everything.
“This is all the more astounding given that the initial investigation appears to have been far from thorough, with little or no independent forensic analysis of the data captured.”
The ICO described Jones and Evans as “long-standing data protection experts” and said they were qualified to judge whether the information collected by Google represented a breach of the Data Protection Act. Its reprimand for the US-based search engine giant amounted to a provisional audit of its privacy practices.
Jones, who left the ICO in August 2010, defended the investigation into Street View data and insisted the ICO had acted properly.
Advertisement
“There’s no doubt the way this information was collected by the company was odd and worrying, but ultimately it was not going to do any more harm. We had other investigations where this was not the case and so were a far better use of our limited resources,” he said.
Simon Davies, director-general of Privacy International, a lobbying group which originally pushed for a criminal investigation into the Street View project, accused Jones of letting Google off the hook.
“The big multinationals always get away with it and they will continue to, while our regulators fail to act,” he added.