Software

ICO vs Street View round 2, as Google admits to collecting passwords

Google has owned up to collecting email addresses and passwords in its Street View service, earning itself an investigation by the British privacy watchdog.

The Information Commissioner's Office is investigating Google Street View after the search giant admitted it had collected more personal data than previously thought. Google senior vice president Alan Eustace has owned up to having collected complete email addresses, URLs and passwords that could identify users.

The ICO, Britain's privacy watchdog, initially gave Street View the thumbs-up in 2009 as part of a "common sense approach" to social media gubbins, location-aware thingamajigs and Web-based wossnames. So far so good. Then it emerged in May that Street View cars were casually hoovering up free-floating unencrypted Wi-Fi data as they pootled about Europe's roads and rues, streets and strasse. Google claims this was an innocent mistake and the data collected was all fragmentary and therefore anonymous.

That's alright then, the ICO concluded in July -- despite the fact that, by Google's own admission this week, "no-one inside Google had analysed in detail the data we had mistakenly collected, so we did not know for sure what the disks contained".

Since the Wi-Fi storm in a Gmap, Street View has come under fire across Europe. The Czech Republic has banned the service from mapping any new images. But it's Germany that really has its knackwurst in a knot, threatening legal action against the search giant. It was a German privacy authority that revealed the Wi-Fi harvesting in the first place, and it's European regulators whose closer inspections have revealed the personal data.

Hopefully the ICO will be a little more thorough in its investigations this time, possibly stretching as far as actually looking at the data. It may emerge that none of the details and passwords collected were from the UK, but nonetheless a slap on the wrist for Google is long overdue on this issue.

The ICO can spank a company found guilty of contravening the Data Protection Act with a fine of up to £500,000, which will make those Silicon Valley fat cats and their $150bn company think long and hard before swanning around playing fast and loose with our privacy.