As part of a settlement with the Australian Privacy Commissioner, Google has apologized publicly on its official blog for inadvertently collecting personal data from unprotected wireless networks via its Street View cars, a privacy breach that has tied the search giant up in regulatory knots in dozens of countries, including the U.S., Canada and the European Union. Although the public mea culpa appears to have saved Google from any further regulatory action in Australia, however, there is still a very real chance that the company could face government sanctions in some of these other jurisdictions, and it continues to wrestle with the issue of what to do with the data that has already been collected. A simple apology isn’t going to end this issue.
In the apology, Google’s Senior Vice President for Engineering and Research Alan Eustace said the company was happy that the Australian government had completed its privacy investigation (the official results of which are here) and that Google was “committed to working even more closely with them going forward on the privacy implications of our product launches.” The blog post also said:
We want to reiterate to Australians that this was a mistake for which we are sincerely sorry. Maintaining people’s trust is crucial to everything we do and we have to earn that trust every single day. We are acutely aware that we failed badly here.
So far, Eustace is the only Google executive to have actually used the words “we’re sorry” in connection with the Street View privacy breach (the Australian blog post echoed the Google VP’s comments in May when the data collection was first discovered). Although Google co-founder Sergey Brin has admitted that the company “screwed up” by collecting the wireless data, he stopped short of actually apologizing. The company’s director of public policy,
Hugo Pablo Chavez, said that Google was “profoundly sorry” for its mistake, but that was in a letter sent to the U.S. House of Representatives after several congressmen asked for a response from CEO Eric Schmidt. In his initial response to the incident, Schmidt dismissed concerns about the privacy implications, saying “no harm, no foul.”
Despite its Australian apology, however, Google may still not be out of the woods in that country or elsewhere: the company continues to face a possible investigation by the country’s federal police force over the Street View data collection. And there is the ongoing threat of legal and government sanctions in other countries as well: German authorities have undertaken an investigation that could lead to criminal penalties, there is a class-action lawsuit against the company in the U.S., and Federal Trade Commission Chairman John Leibowitz has said the agency will be taking “a very close look” at the company’s behavior.
The collection of personal information by its Street View cars, including email addresses and other data — which Google said resulted from an error in the way its cars tracked the existence of wireless networks, something they did in order to verify the location of the photos they were taking — was discovered when German authorities asked to see the data that the company had been collecting. Google originally said that it had not captured any personally identifiable information, but later admitted that it had. In addition to breached rules in various countries governing privacy, some U.S. legal experts have suggested that Google may have broken federal laws designed to prevent wiretapping.
Meanwhile, the issue of what to do with the data it has collected remains: after discussions with federal authorities in a number of countries including Denmark, Ireland and Austria, the company has destroyed the information — in some cases under supervision by a neutral third-party who could verify that this was done. But in some other countries, including Britain, Germany, France and Italy, authorities have demanded that Google hand over the data so that it can be used in possible legal cases against the company. Google recently said it will begin collecting Street View images again in Ireland, Norway, South Africa and Sweden, with the approval of regulators in those countries, and says it has removed any wireless-network related equipment from its cars.
Related content from GigaOM Pro (sub req’d): Why New Net Companies Must Shoulder More Responsibility