German prosecutors have launched a criminal investigation over whether Google broke data protection regulations when it collected fragments of Wi-Fi data while shooting imagery for its mapping application.
The probe, conducted by the Hamburg Prosecutor’s Office, follows Google’s admission that it mistakenly collected the content of communications from non-password protected Wi-Fi networks using its Street View vehicles, which photograph streets for the Google Maps service.
The Hamburg prosecutor’s office is at an early stage in the case, spokesman Wilhelm Möllers said Thursday.
Möllers said his office will investigate how Google was collecting the data, but that it may be at least two weeks before a decision is made whether to file charges.
Google said it collected Wi-Fi network data, such as SSID (Service Set Identifier) information and MAC (Media Access Control) addresses. The company said it only collected fragments of personal Web traffic as its Wi-Fi equipment automatically changed channels five times a second. Wi-Fi networks can carry several megabytes of data per second.
The criminal probe marks an additional problem for Google in Germany, which has been under ongoing scrutiny from Hamburg’s Data Protection Agency.
The Data Protection Agency has the power to assess penalties against Google, and has asked the company to turn over by next Wednesday a hard drive from one the vehicles collecting the data, according to an official from the agency.
“We have several problems with Street View and more problems with WLAN” scanning, she said.
Although Google has collected Street View data for Germany, the service has not been launched there. Google has not yet fully responded to a set of 13 points compiled by the Data Protection Agency that it says are necessary to comply with German laws, she said.
One of those points is agreeing to delete images of peoples’ homes from Street View before those images go live, she said. In other locales, Google will remove an image on request, but only after publication.
Germany’s privacy laws generally restrict photographs of people and property without a person’s consent, except in very public situations, such as a sporting event.
The Data Protection Agency also requested that Google more thoroughly blur peoples’ faces and that those partially censored images be permanently deleted from its databases.
Italy’s data protection authority and the French National Commission on Computing and Liberty (CNIL) are also reviewing Google’s Wi-Fi scanning. The U.K.’s Information Commissioner’s Office said Google appeared to have breached data protection requirements, but that it would not pursue the company after Google agreed to delete the data.