Skip to main content

Google must destroy leftover Street View data, says Australian privacy regulator

Australian officials want Google to delete the unencrypted Wi-Fi data that the search giant inadvertently collected via its Street View vehicles.

In a letter to Iarla Flynn, the head of public policy and government affairs for Google Australia, the Office of the Australian Information Commissioner (OAIC) called for Google to immediately destroy the data and provide the government with confirmation from an independent third party.

"Further, I would also request that Google undertakes an audit to ensure that no other disks containing this data exist, and to advice me once this audit is completed," OAIC Privacy Commissioner Timothy Pilgrim said in the letter, dated 6 August.

Pilgrim said the retention of unnecessary personal information could put individuals at risk if misused.

The request comes shortly after Google admitted that it accidentally failed to delete all collected data as promised.

At issue is a May 2010 admission from Google that equipment attached to its Street View cars collected data that was traveling over unencrypted Wi-Fi networks, known as payload data. At first Google said it did not know if that data included personally identifiable information, but the company later admitted that it did include entire email addresses, URLs, and passwords.

The data was supposed to be deleted at the end of 2010, but Google recently discovered during a manual review of its Street View disk inventory that it still existed. Payload data was found from the UK, Ireland, France, Belgium, the Netherlands, Norway, Sweden, Finland, Switzerland, and Austria.

Last week, France's Commission Nationale de I'informatique et des Libertés (CNIL) ordered Google to hand over any leftover payload data. When UK officials got wind of the rogue Street View data, meanwhile, the Information Commissioner's Office (ICO) said it would forensically review the information before deciding on a course of action.

"The ICO is clear that this information should never have been collected in the first place and the company's [Google's] failure to secure its deletion as promised is cause for concern," the ICO said in a statement last month.