back to article ICO could smack Google Street View with fine after all

In one of my blogs on Google Street View, I wrote that the Information Commissioner (ICO) could not serve a Monetary Penalty Notice (MPN) on Google when its software captured some personal data from household Wi-Fi systems. This assessment was based on the fact that Google published statements to the effect that only an …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    "Individuals can reclaim their privacy on the internet at any time"

    You missed out a few words "If they're rich enough"...

    I always find it very amusing that there is a large gap in the the Streetview coverage of Edinburgh, directly outside the house of the ex-banker Fred the Shred.

    AC, which is rare...

    1. Wizardofaus
      FAIL

      Re: "Individuals can reclaim their privacy on the internet at any time"

      What you talkin' 'bout boy?

      My house isn't on streetview. I requested it be removed, just as anyone can. Here's a hint. IF your house is on Streetview and you don't like it, all you have to do is click the "report a problem" link at the bottom of the streetview image, and follow the instructions.

      It's that simple - no conspiracy theories needed, just a little common sense.

      1. Starkadder

        Re: "Individuals can reclaim their privacy on the internet at any time"

        It isn't that simple. I live in a terrace and repeated requests to remove my house have not worked (even though it was illegally photographed from a private road, where Google had no rights to be.)

  2. Lloyd
    FAIL

    Of course they will

    In exactly the same way they did with Phorm when the EU came down on them.

  3. Anonymous Coward
    Anonymous Coward

    The most pressing problem for privacy violations..

    .. is that big offenders are allowed to translate individual violations into a percentage instead of being made to cough up for each violation individually.

    Taking Streetview as an example, the Swiss court has now made it legally acceptable to be 99% right. This is flat out wrong. The impact of a data breach on the INDIVIDUAL involved is identical, wether it happens to them alone or a group of people, and it is not like the laws didn't already exist at the time Google did its Streetview collection. As a matter of fact, when Google started in Switzerland they already had a heads up from the Japanese that not everyone subscribed to their view of privacy (i.e. "you have none if it makes us money, get over it") so even the popular German Nazi defence "ich habe es nicht gewusst" ("I didn't know") is not operable here.

    If Google is not held to the same law, standards (and fines) as local companies, there IS no law. We might as well abandon the whole Data Protection structure and save the money.

    1. Anonymous Coward
      Anonymous Coward

      Re: The most pressing problem for privacy violations..

      You want you and Google to be held to the same standards? Fine. From now on, you are forbidden from posting pictures on the web, unless you blur the face of every person and every car plates. You also have to provide a link for the purpose of taking down the picture within two days... Also, you get to be sued by people who ignored your link, and demand damages for exposing their privacy.

      The fact is, the terms that apply to Google are more strict than anything which applies to individuals.

      1. stanimir

        Re: The most pressing problem for privacy violations..

        The blurring tech sucks so bad, at least 10% of the cars in the city I live are perfectly well visible, so are the faces.

  4. Andy J
    Big Brother

    Unintentional??

    Given that someone had first to build and install the antennas and demodulation circuitry to capture the Wifi signals AND also connect said output to the data recording device used to store the GPS and image data, I would say it's stretching credulity somewhat to say that storing of the comms data was unintentional.

    1. ratfox

      Re: Unintentional??

      The main purpose of the antennas was to identify the Wifi networks which are used for geolocation. This has not been much of an issue. The big issue is that the unprotected data going over these networks was also stored, instead of just recording the network IDs and deleting the rest.

  5. andreas koch
    Black Helicopters

    I don't quite understand

    why people worry about Google's Street View so much when the same people use their iPhone or pad (in the near future with IOS6 inter-device-networking and pay-by-phone capabilities) and their Tesco/ Nectar cards. The data aggregated through those is much more comprehensive than anything that could be gleaned through a peep over the fence. You don't have any control over where the data from these goes; and it is a lot of data indeed. The stores can data-mine where you went, at what time and what you did there. Together with CCTV footage (which doesn't have to be blanked out), a participating company can tell that you left the house before 0900h [filled up at Shell at 0907h] in your second car [automatic number plate recognition at the fuel station, correlated to the Nectar card and your credit card], drove along the M4 [bought a coffee at the Motorway services at 0946h, including CCTV], went over the Severn bridge [paid toll by bump] and then met your 'Miss Secret' in Cardiff [Two Latte at Costa]. She has recently stopped buying Tampax and answered to a Mothercare leaflet. You were both on CCTV looking at cots and prams in Toys-R-Us. You bought a bracelet from H.Samuel online, and downloaded 'Relaxing songs for the mum to be' from itunes.

    Conclusion: You are cheating on your wife, and a spli-up is imminent.

    Consequence: You get divorce lawyer's advertising in your mail.

    Compared to that, being on StreetView laying in your garden wanking naked is somewhat less compromising, I think.

    1. Anonymous Coward
      Stop

      Re: I don't quite understand

      I agree, but Google are the current privacy pariah and all round bad guys. So most people who really should stop and think feel free to jump on the Let's Bash Google bandwagon.

      There are far too many drinking from the fountain of paranoid conspiracy.

      In the UK we're "pushed, filed, stamped, indexed, briefed, debriefed or numbered" up to our eyeballs every day.

      Google doesn't even make it onto the list of threats to personal privacy.

    2. dephormation.org.uk
      Holmes

      Re: I don't quite understand

      The issue was the law and consent, and the deliberate capture and retention of communications data, and the lies told to regulators about Google's intentions.

      Deliberately and covertly capturing and retaining communications data without consent from sender AND recipient is a crime (per RIPA, Wireless Telegraphy Act).

      That's the problem.

    3. Turtle

      Re: I don't quite understand

      "I don't quite understand why people worry about Google's Street View so much when the same people use their iPhone [etc] and their Tesco/ Nectar cards. The data aggregated through those is much more comprehensive than anything that could be gleaned through a peep over the fence."

      Well, I do not know what a "Tesco/ Nectar card" is, so my comment here might be well off the mark for that reason, but even numerous random people taking pix with their phones is not the same as one company doing it on a mass scale, labeling it, and putting it on the internet.

      1. andreas koch

        @turtle - Re: I don't quite understand

        Tesco is a big supermarket chain here in the UK which runs their own 'reward scheme' points card. Nectar is a reward scheme that is spanning over scores of companies from retail (all kinds of, ebay and amazon e-retailers), services (including iTunes...), fuel, holidays even to health insurance and credit card services. Collected data is, as far as I know, shared between participants, so if a new company joins the scheme, they have access to your data, even if you not gave your permission to them specifically.

        1. Turtle

          @andreas koch Re: @turtle - I don't quite understand

          Thank you for the explanation! It's greatly appreciated.

          Personally, although I do not really see what harm it could ever do me, I do not like having any retailers having information about me, and avoid it when I can. Buying online makes this impossible to avoid, of course. In many chain-stores here we also have what seem to be the same rewards programs, but I have my rewards cards under false names. Just for the sake of , you know, indulging my paranoia and suspiciousness. And of course, we do not - as far as I know - have any overarching multi-store rewards program. That would make me quite uncomfortable, frankly.

      2. Anonymous Coward
        Anonymous Coward

        Re: I don't quite understand

        "Deliberately and covertly capturing and retaining communications data without consent from sender AND recipient is a crime (per RIPA, Wireless Telegraphy Act)."

        As the data was sent in the clear, the Streetview car was a legitimate recipient. And the sender gave their consent by choosing to send in the clear.

    4. EvilGav 1

      Re: I don't quite understand

      Ok, let's just cool off and remove that tin-foil hat a little.

      In your little playlet, you have a number of companies (and a government agency or two) colluding and sharing data to come to that conclusion - a store card, a credit card, the DVLA, the Severn Bridge authority (whoever that is), Toys-R-Us and Apple.

      Now i'm quite happy that not all companies are whiter than white, i'm also ok with using my Nectar card, afterall, that was my choice to get one and use it. And that, my friend, is the big point here - I choose to use a store card, I choose which credit or debit card I use, I choose whether to go to a petrol station and use a store card etc etc etc. I at no point chose to have a foreign company drive down my street and photograph everything and slurp data while it did so.

      1. andreas koch

        @EvilGav 1 - Re: I don't quite understand

        As far as I know, Nectar does not send out consent forms if a new company joins the scheme. You will, in that case, have your data going to a place that you don't know of.

        I know, I constructed something like a worst-case-scenario there and that it isn't really all that bad. But it would only take a very few agreements that you have no control over, and we would have a situation where data mining could show more than you want to be shown.

        And even that would not be so bad, if there wouldn't be the problem of data being misinterpreted.

        Your health insurance suddenly goes up, because your brother thought that he'd do you a favour buying his paragliding equipment through your rewards card. Or worse, a claim gets turned down, because of the technicality that you didn't tell the truth about your activities (these weren't your activities, but the insurance lawyers might want you to prove that, and that might be a bother if you're desperate for a bone marrow transplant...)

        The aggregation of data is not the bad thing. It's coming to the wrong conclusion after sifting through it. I think.

        That scares me.

    5. toadwarrior

      Re: I don't quite understand

      You aren't forced to get a clubcard or nectar card and cctv isn't publically available. Where as what google is doing is done without permission on a massive scale and publically assessible.

      While I don't really have a problem with anyone taking photos in public. I can understand why it annoys people when they purposely built something taller than your average person to snap photos of everyone's property for profit.

      You just can't compare someone taking dozens of photos on a trip to photographing as much of the world as possible for monetary reasons.

      1. andreas koch
        Pint

        @ toadwarrior - Re: I don't quite understand

        <quote>You aren't forced to get a clubcard or nectar card and cctv isn't publically available. Where as what google is doing is done without permission on a massive scale and publically assessible.</quote>

        You have a point there, although the questioned Wifi data is, as far as I know, not available.

        Nevertheless, I think that the general public does not realise how much data is gathered through their 'rewards' card, just as they don't realise how much Google gleaned from their drive-by; which is, I would bet, on average much less.

        Google did it without consent, Nectar does it by exploiting that most people do not see past the 'rewards' bit and willingly supply the companies with consumer data that would otherwise be expensive to gather.

        Do you think that the same amount of people would sign up if Nectar's adverts would state that:

        'We record your shopping behaviour on behalf of over 500 companies and sell the results to them so they can design their advertising campaigns easier and cheaper and present their goods in a way that reduces the risk of losing money by having to lower the prices of stuff you otherwise won't buy. In return we grant you a discount of up to 2%*' ?

        I'm not sure...

        Anyway, I don't need to get a card, as you said, and I'm fine with that. Let's drink to that.

        *I just checked: You can pay a return flight from London to Barcelona on easyjet with Nectar points. To gain these, you have to spend around £23.000 at Sainsbury's. Wow.

  6. dephormation.org.uk
    Windows

    The ICO take action?

    Those lazy sods? Take action?

    You have to be taking the proverbial.

  7. Turtle

    Feeling And Being.

    "The court also emphasized that individuals should not feel as if they are under constant surveillance. "

    That's not quite the same as saying that they should not actually *be* under constant surveillance.

  8. Anonymous Coward
    Anonymous Coward

    The ICO are a joke

    They'll perform only the most cursory of investigations into breaches by private companies (the bigger the less detailed the investigation), take assurances at face value and then change their mind as soon as a more competent regulator from another country actually does their job and makes them look foolish.

    Meanwhile public authorities are fined hundreds of thousands for breaches.

    Useless!

  9. Benjamin 4

    They should give Google a slap on the back and make them publish all captured data on the internet. Maybe then the f**kwits who have have unencrypted networks will do something about it. If you don't want people listening in on your data, do something about it.

This topic is closed for new posts.

Other stories you might like