Google Street View is a technology featured in Google Maps and Google Earth that provides panoramic views from various positions along many streets in the world. It displays images taken from specially adapted cars, the Google Street View vehicles.
These vehicles take pictures and also collect GPS and Wi-Fi information so as to record location of the pictures. Wi-Fi hot-spot triangulation is a commonly used method of determining location. It is also used as a system of geolocalisation on modern smartphones especially since GPS doesn't always work in urban locations and cell-tower positioning can be inaccurate.
The data recovered by Google, notably with the Street View vehicles, is used for the mobile application Google Maps Navigation which is an internet-connected GPS navigation system with voice guidance.
However, the data collection programs thanks to which these applications work were extensively criticized because of issues related to the collection of personal data.
As a matter of fact, in May 2010, Google admitted that their Street View vehicles were also collecting data transmitted over unsecured Wi-Fi connections and pretended to have been unaware of this situation until recently.
The Google cars intercepted and stored Web traffic data. Initially, Google said that these interceptions were highly fragmented, but the company has recently admitted that these data collections included e-mail messages and also passwords. Alan Eustace, senior vice president of engineering and research of Google, admitted on the 22nd of October that "while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords"1.
The following governments have decided to investigate on these illegal data recoveries Germany, Canada, Spain, UK, US and France (through the CNIL).
The investigations are still ongoing in Germany, France and Spain. Canada and the UK decided that Google had violated the law but let the company off with a warning and without any fine. The Canada’s privacy commissioner established that this collection was the "result of a careless error" and was not intentional. The UK Information Commissioner's Office considered that “monetary penalties can only be served when a strict set of criteria is satisfied, including that the breach was likely to cause substantial harm or substantial distress (which) would be very hard to prove in this case”2.
The U.S. Federal Trade Commission has decided not too push further its investigation of Google's "Street View" mapping program and not to fine the company considering that Google has made improvements to its internal privacy practices.
In order to prevent a similar situation in the future, Google promised to put in place a governance model ensuring that procedures for protecting privacy are in place and followed before launching products. Thus, Alma Whitten, who is an expert in the computer science field of privacy and security, has been nominated as the director of privacy across both engineering and product management. In addition, all the employees of Google will follow orientation training on Google’s privacy principles and are required to sign Google’s Code of Conduct, which includes sections on privacy and the protection of user data.
A second problem appeared with the data collection program used with Google Maps Navigation.
Since May 2010, Google has stopped to collect data and to record the localisation by the Wi-Fi access points with its Google Street View Cars. This data was used by the company for its navigation system, especially for the Google Maps Navigation program. Now, in order to update its applications, Google uses a technology based on crowdsourcing3 the data.
Thus, when you communicate your location information on some Google applications, such as Google Maps Navigation, through your mobile phone, you are sharing this information with Google which then uses this crowdsourced data in order to treat its mapping capabilities. So, the Google applications users are helping this company to build out a database of Wi-Fi hot spots with GPS coordinates by transmitting the location of any Wi-Fi access point in wireless range. It's almost the same thing as Google's Street View project without the cars driving along the streets.
All the more, users are almost compelled to share their personal data (location data in this case) with Google because if they don’t want to, and then decline the prompt to send "anonymous location data", they won’t be allowed to use the wireless network to triangulate their position and then will use a system based on GPS and cell-tower positioning which is less accurate.
Google declares that its applications are not collecting the MAC (media access control) addresses of client devices because of privacy reasons and because it would be pointless since the users are constantly on the move. Google also warrants that the location data sent are anonymous and that users can decline to send the data back to Google.
However, no independent investigation have been lead on that question. The scandal of the personal data collection with the Street View vehicles has been public only in May 2010 whereas this system was launched in 2007. So, users and authorities should be concerned by this new collection scheme and its possible use.
Concerning the matter of the Google Street View cars data collection, we are still waiting for the CNIL decision. Since this organization has a high level protection policy on personal data, it is possible that it won’t agree with the decisions of the Canadian, UK and US privacy commissions and decides to sanction Google.