August 4, 2010



After an investigation that has spanned almost two months, the Australian Privacy Commissioner, last month, concluded that the collection and storing of unsecured WiFi payload data using Street View vehicles in Australia by Google has breached the Privacy Act. The Privacy Commissioner said, "On the information available I am satisfied that any collection of personal information would have breach the Australian Privacy Act. Collecting personal information in these circumstances is a very serious matter. Australians should reasonably expect that private communications remain private".

In response to the investigation, Google has provided the Privacy Commissioner with several written undertaking and published an apology. The undertakings are:

1. Undertake to conduct a Privacy Impact Assessment (PIA) on any Street View data collection activities in Australia that include personal information.
2. Provide a copy of these PIAs to the Commissioner Office.
3. Regularly consult with the Australian Privacy Commissioner about personal data collection activities arising from significant product launches in Australia.

Google's apology states, "In May, we announced that we had also mistakenly collecting publicly broadcast payload data. To be clear, we did not want and have never used any payload data in our products or services - and as soon as we discovered our error , we announced that we would stop collecting all WiFi data via our Street View vehicles...We want to reiterate to Australians that this was a mistake for which we are sincerely sorry. Maintaining people's trust is crucial to everything we do and we have earn that trust every single day. We are acutely aware that we failed badly here."

In the U.K, however, Google was cleared. The Information Commissioner Office (ICO) on 29 July 2010 stated, "The ICO has visited Google's premises to assess samples of the payload data it inadvertently collected. ..The information we saw does not include meaningful personal details that could linked to an identifiable person."

The ICO qualifies this statement by saying that "As we have only seen samples of the records collected in the U.K we recognise that other data protection authorities conducting a detailed analysis of all payload data collected in their jurisdictions may nevertheless find samples of information which can be linked to identifiable individuals." The ICO concludes that, "on the basis of the samples we saw we are satisfied that so far that it is unlikely that Google will have captured significant amounts of personal data."