Australian Privacy Commissioner Karen Curtis today said her investigation into Google’s inadvertent collection of Wi-Fi payload data through its Street View vehicles showed any collection of personal data by the search giant “would have” breached the Australian Privacy Act.
However, the future of the data collected remains unclear.
“Collecting personal information in these circumstances is a very serious matter. Australians should reasonably expect that private communications remain private,” said Curtis in a statement, noting that her opinion had been reached after the conclusion of her investigation into the matter and “on the information available”.
As a result of the investigation, Google has published an apology to Australians about the matter through its Australian blog, and will undertake to conduct a privacy impact assessment on any new Street View data collection activities in Australia that include personal information — with that assessment to be provided to Curtis’ office.
In addition, Curtis said, Google had committed to regularly consult with her office about personal data collection activities arising from significant product launches in Australia.
“These steps will ensure Google’s future products have privacy protections built in rather than bolted on. Google’s undertakings will last for three years,” Curtis said.
Google’s statement on its blog is posted under the name of Alan Eustace, its senior vice president of Engineering and Research.
”We want to reiterate to Australians that this was a mistake for which we are sincerely sorry,” said Curtis. “Maintaining people’s trust is crucial to everything we do and we have to earn that trust every single day. We are acutely aware that we failed badly here.”
“In Australia, we have been working with the Privacy Commissioner to support her investigation into what happened. We welcome today’s conclusion of this investigation, and as a result we have committed to working even more closely with them going forward on the privacy implications of our product launches.”
The future of the data collected by Google, however, remains unclear.
Neither Curtis’ nor Google’s statement mentioned whether the data would be deleted. When contacted, a spokesperson for Curtis said it didn’t have anything further to add to the statement.
“Our ultimate obejctive is to delete the data in consultation with appropriate authorities as we have done with the Irish, Danish and Austrian data protection authorities,” said a Google Australia spokesperson. The search giant could not confirm dealings with any specific Australian law enforcement authorities, but said it was speaking to local authorities to answer any questions they might have.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.