Data protection authorities in France and Italy have joined Germany in investigating Google’s Street View service, following the company’s admission last week that its
camera cars collected Wi-Fi traffic as well as photos.
Google operates a fleet of vehicles that compile panoramic images of city streets for its Google Maps site. Those cars also recorded the position of Wi-Fi hotspots to power a location service Google operates. Mobile devices within range of a recognized hotspot can be located on Google Maps.
What has attracted the attention of privacy regulators, though, is that Google recorded not just the names of Wi-Fi hotspots, but also the traffic flowing through them at the time the company’s cars passed. Google defended itself on Friday, saying the data collection was accidental and that it only collected fragments of personal Web traffic as it passed by because its Wi-Fi equipment automatically changes channels five times a second. On Wi-Fi networks operating at 54M bits per second, though, you can record a lot of traffic in one-fifth of a second.
On Wednesday, the Garante per la protezione dei dati personali, Italy’s data protection authority, announced that it had begun an investigation of Google’s data collection for its Street View service.
The company must disclose to the authority the date it started collecting information, how it collected the data and for what purpose, and where and for how long it stores the information, the authority said. Finally, the company must clarify what data it collected from Wi-Fi networks, and whether any of that information has been sold.
In France, where companies must file a declaration with the French National Commission on Computing and Liberty (CNIL) describing personal data they intend to store in computer systems and the use they plan to make of it, Google might have avoided trouble if it had simply stated in advance that it intended to record the Wi-Fi traffic.
Noting Google’s admission that it had collected Wi-Fi traffic, CNIL said Wednesday: “This collection was not mentioned in Google’s declaration to the CNIL. That’s why the Commission is currently conducting a review of Google, in order to obtain all the information on this case and decide what action to take.”
Data protection authorities in Germany have already announced investigations of Google’s collection of Wi-Fi data, but the U.K.’s Information Commissioner’s Office decided not to pursue the company after it promised to delete the data.