Google faces new data privacy investigation

Google is to be reinvestigated over new claims that it deliberately collected personal data, including emails and passwords, while it was capturing images for its Streetview Maps service in Britain.Google had agreed to delete all of the information that had been collected in November 2010, telling the Information Commissioner’s Office (ICO) that the data had been gathered as a result of a simple mistake.

But the ICO has now reopened its investigation following a report by a US watchdog which found emails, passwords and other information had been deliberately collected from millions of unknowing internet users through software deliberately written by an engineer.

Some analysts have claimed that entire emails and passwords could have been collected, although Google has never been accused of using the data for commercial purposes.

Steve Eckersley, the ICO’s head of enforcement, wrote to Alan Eustace, Google’s senior vice president, telling him the ICO’s investigation has been reopened and asking for further information.

The move followed a report by the Federal Communications Commission in the US which found in April that an engineer, engineer Doe, deliberately wrote the software to capture the information in 2006 and shared his work on the Street View project with the entire team in October of that year.

The long list of data collected by the cars included information relating to online dating sites, visits to pornographic sites, and data in video and audio files, Mr Eckersley said.

Medical listings, legal infractions, and complete email messages were also collected, with email headings, IP addresses, full names, usernames, passwords and telephone numbers.

“It therefore seems likely that such information was deliberately captured by GSV (Google Street View) operations conducted in the UK,” Mr Eckersley wrote.

He added that during the ICO’s original investigation, the watchdog was “specifically told by Google that it was a simple mistake”.

The watchdog called for Google to provide details on what data was collected in the UK, when Google managers were aware it was happening, and why this type of data was not included in the sample of information provided to the ICO during its original investigation.

It also called for Google to provide investigators with copies of the original software design document and what measures were introduced to prevent breaches of the Data Protection Act 1998.

Although the  US Federal Communications Commission’s report was non specific in it’s published findings, Google appears to have a case to answer to the ICO.