Google in EU privacy row over Street View data
By Benjamin Fox
Search-engine Google is at the centre of an embarrassing data privacy row after French and British regulators demanded access to all Wi-Fi data collected for its Street View site.
The move came when Google's legal advisor Peter Fleischer admitted in a letter sent last week (27 July) to the UK information commissioner that personal data collected in 2008 and 2009 had not been destroyed.
Dear EUobserver reader
Subscribe now for unrestricted access to EUobserver.
Sign up for 30 days' free trial, no obligation. Full subscription only 15 € / month or 150 € / year.
- Unlimited access on desktop and mobile
- All premium articles, analysis, commentary and investigations
- EUobserver archives
EUobserver is the only independent news media covering EU affairs in Brussels and all 28 member states.
♡ We value your support.
If you already have an account click here to login.
In a statement released on Wednesday (1st August), the French CNIL confirmed that it had "asked Google to make available the data in question and to secure time to conduct all necessary investigations."
The search-engine had initially claimed to have deleted all personal data collected by its Street View cars but admitted that the company had "determined that we continue to have payload data from the UK and other countries."
Fleischer insisted that Google was ready to "delete the remaining UK data" adding that they were "prepared to arrange for you to review this data, or to destroy it."
CNIL has also fined Google €100,000 for retaining the data, which includes personal passwords and login details, online searches and email exchanges. For its part, the ICO said that the software giant faced a £500,000 fine for failing to meet its commitments.
Google uses cars to collect Wi-Fi data for its Street View service which is used for its Google Maps application allowing consumers to access detailed images of local sites.
The French regulator is already leading an investigation into Google's privacy policies, which were revised earlier this year in April, on behalf of the EU's Article 29 working group on data privacy. It is expected to report in September.
The incident also has implications for the ongoing negotiations on the EU data protection package.
Under the proposals tabled by Justice commissioner Viviane Reding in January, rules on the processing and use of data would be tightened, including a 'right to be forgotten' - giving people the right to have personal data deleted if there are no legitimate reasons to keep it.
It also aims to increase the level of harmonisation across the EU's 27 member states with firms answerable to national data supervisors.
In its legal opinion on the bills, the European data protection supervisor called on legislators to increase enforcement powers for national authorities and pan-EU co-ordination, voicing its concerns about differing national enforcement regimes.
The UK office has faced criticism from data privacy campaigners and MPs. In a press statement, Nick Pickles, director of the UK-based Big Brother Watch, complained that "the ICO is hampered by a woeful lack of powers and is forced to trust organisations to tell the truth."
He added that Google's behaviour emphasised the need to "demand a proper regulator with the powers and punishments to fully protect British people's privacy."
Under the new regime, companies flouting data protection rules could face fines of up to 2 percent of their annual turnover, potentially leaving the likes of Google open to multi-million-euro fines.