Privacy czar wants Google Wi-Fi deletion evidence


news Australia’s Privacy Commissioner has written to search giant Google requesting it provide several forms of evidence — including confirmation by an independent third party — that all of the payload data its Street View cars had collected over the past several years as they brushed past Wi-Fi networks on their journeys around Australia had actually been deleted.

In April 2010, Google revealed that its Street View cars were simultaneously collecting data on Wi-Fi hotspots as they drove around populated countries automatically taking photos to use on its Google Maps service. This revelation — and the later disclosure that the search giant had not only collected information about the Wi-Fi access points, but also some payload traffic data — caused controversy globally and in Australia.

At the time, Communications Minister for example, stated that it was possible that Google’s collection of Wi-Fi data constituted “the largest privacy breach in history across Western democracies”. And then-Prime Minister Kevin Rudd also stood by Conroy’s comments.

Subsequently, in May 2011, Google published a blog post stating that several months previously, it had destroyed the payload data its Streetview cars had collected. “You may remember that our ultimate goal was to delete the payload data,” the company said in a post on its Australian blog under the name of senior vice president of engineering and research Alan Eustace. “We can report that this was completed in February under independent supervision.” The company had also committed to various privacy reviews and measures in consultation with the Federal Privacy Commission, who had previously concluded that Google had breached the Australian Privacy Act with the data collection.

However, in a three paragraph letter sent last week to the Australian Privacy Commissioner, as well as similar authorities in a number of other countries (and now published online by the Australian authority), Google revealed that it had not, in fact, deleted all of the data pertaining to Australia and those other countries. “Google has recently confirmed that it still has in its possession a small portion of payload data collected by our Street View vehicles in the UK. Google apologises for this error,” the company wrote.

In response, Australian Privacy Commissioner Timothy Pilgrim wrote a letter to Google (published in full online) stating that unless there was a lawful purpose for its retention, Google should immediately delete the data still retained.

“Once this has occurred I would like confirmation from an independent third party that the data has been destroyed,” Pilgrim added. “Further, I would also request that Google undertakes an audit to ensure that no other disks containing this data exist, and to advise me once this audit is completed.”

“I would add that I am concerned that the existence of these additional disks has come to light, particularly as Google had advised that the data was destroyed. Organisations that retain personal information that is no longer required could leave individuals at risk should it be misused. I appreciate your advising me of this matter, and look forward to confirmation that the data has been destroyed.”

In Google’s blog post of May 2011, the company emphasised how sorry it was for the data collection. “We want to reiterate to Australians that our collection of payload data was a mistake for which we are sincerely sorry,” the company wrote at the time. “Maintaining people’s trust is crucial to everything we do, and we have to earn that trust every single day. We are now looking forward to getting Street View cars back on the roads and continuing to provide a product that is useful for all Australians.”

Let’s all hope that Google can actually manage to correctly delete the Wi-Fi payload data this time around. On a side note, I want to commend Australia’s office of the Privacy Commissioner for publishing the full text of its communications with Google, as its UK counterpart did. This is the kind of transparency which we need to see from a watchdog of the Privacy Commissioner’s standing (housed as it is in the Office of the Australian Information Commissioner).

Image credit: Robert Scoble, Creative Commons


  1. Privacy ‘czar’?


    A czar?

    …more like a privacy gulag latrine cleaner

    The fed caling for the two year data retention, even the faceless cats negotiating the TPP (aka Emersons not secret secret secret), now they know what privacy is all about… and it aint about you and me, baby…

  2. And it can be deleted as many times as required.

    Perhaps he should get a big red “delete from teh internet” button installed at parliament house, surely that would work.

  3. Eh, can’t be bothered. With literally hundreds of TERABYTES (or gigaquads if you’re a Trekky ;)) of data fragmented across thousands of HDD’s, it’s not surprising some still exists.

    Sure, get independent verification, but frankly it makes little difference. They haven’t done it on purpose.

  4. Considering this data was originally collected inadvertently, I don’t find it surprising that they are having difficulty managing and erasing it all, there would have been no system built to handle it as it was basically junk data.

    On the other hand, google continue to learn the costly lesson of limiting the scope of dragnet data collection devices.

  5. We have a privacy czar? Wow! Someone whose title defends from that of Caesar, and whose sole responsibility is the privacy of all Australians. They must be extraordinarily powerful.

    Oh wait – hyperbole? Surely Renai wouldn’t use that.

  6. Slightly amazed that Google are given such slack by other comments.
    They did something illegal, they said they’d sorted it over a year ago, and now they admit they haven’t.
    This is red warning lights flashing. Google are one of THE most powerful entities on the internet. they also have bad form in this area.
    I don’t trust them as far as I can throw them.

    • Illegal? Google drove down public roads and collected wifi signals that that had been broadcast on public spectrum.

      The problem was, that some people using wifi once again on public spectrum didn’t SECURE THEIR OWN WIRELESS and Google collected some data packets as part of the SSID gathering, these packets of data may or may not contain your private information depending on what you had been browsing on the internet at the time.

      I really don’t think google done anything wrong here, if you get upset that you logged into your bank account and sent that packet of data over your own unsecured wifi that is being broadcast out into the street, where anybody can ‘see it’ then this isn’t googles problem, this is YOUR problem.

      Basically what you have down is shout out yor private details from within your house and then complain that someone walking by heard you.

      • @Level380

        Lol. Epic win.

        Precisely my thoughts. You’re dumb enough to not secure your network, you get what’s coming. Google deleted it but there were SO many drives, they missed some. Still not their fault they picked it up….

        • You guys are amazing. You slam entertainment companies all day long, but don’t even know the facts about Google.
          YES, I say ILLEGAL, simply because Google have been found guilty of breaking privacy laws in at least 9 countries.
          Even after they admitted guilt, in over a year tGoogle are still unwilling to do the right thing (as is the topic in the article above).

          Read this:

          • Am I breaking the law if I found a piece of paper out the front of your house on public land and read it? The answer would be no……

            Would I now be breaking the privacy laws if I read this paper and it contained a URL that had been going to? Highly unlikely as well.

            You know, if all these people that scream their privacy has been invaded, maybe you should SECURE your wifi and STFU. I’m sick of hearing whining from people that google invaded their privacy. As I said above, you are using unencrypted public spectrum, you choose to make your wifi easier to use by not putting a password on it, you allowed your wifi signal to go into the PUBLIC streets. Google didn’t drive into your driveway and listen at your windows. They drove down the street at 40ish kmh.

            Any website that google MAY have collected your login from that they COULD read, would have to be sent in clear text, and lets face it, if you are sending your clear txt login details over the internet, you have bigger things to worry about than google, for starters you shouldn’t be banking with them, or using that website! Browsers have been encrypting loging/credit card traffic for years, so even over unencrypted wireless a packet of data captured is pretty useless hours later to access your account.

            People forgot the key facts here
            – unencrypted wireless from lazy users
            – public spectrum anyone is allowed to use, gather, listen, transmit on
            – user allowed wifi signal to ‘bleed’ into street
            – google collected the public spectrum ‘data packets’ from public roads

            Wanted to put a stop to this? Should have turned on WPA2 on your wireless, problem solved…. Deal with it, your fault, move on!

Comments are closed.