The number of Google searches on Google must have dramatically increased in the past few weeks as a result of Google’s announcement that its Street View cars had collected “payload data.” Google’s aptly-named Street View cars take photographs to create a street map with eye-level photographs. While driving the streets of numerous countries, the cars were collecting information about the name and location of wireless networks to improve applications that provide location information, such as GPS functionality on smartphones.
This new information revealed that Google had collected, not just the name and location of wireless networks, but also information sent over unsecured wireless networks, which is called payload data. Google has said that the collection of payload data was unintentional and the result of software code mistakenly included in the Street View cars program. Google also noted that, because the cars are on the move and the software that the cars use rapidly changes channels, the chance that Google captured data containing anything fragments of data is unlikely.
The French data protection authority (“DPA”), known as CNIL, however, recently reported that it had analyzed payload data collected by Google in France and determined that the data included passwords and email fragments.
The fallout has been swift and thunderous:
· Private litigants filed eight class action lawsuits in six federal district court in the U.S. The lawsuits generally allege claims under the Computer Fraud and Abuse Act, the Wiretap Act, and various state claims, including invasion of privacy, fraudulent concealment, and violations of state consumer protection laws. Some of the complaints allege that the data collection was intentional. On June 8, 2010, Google filed a motion with the Judicial Panel on Multidistrict Litigation to have all of the cases moved to the Northern District of California.
· Connecticut’s Attorney General, Richard Blumenthal, has initiated a multi-state AG investigation. Over thirty states recently participated in a conference call led by Blumenthal’s office regarding the matter. The call reportedly included representatives from the offices of the attorneys general for Illinois, Maryland, Massachusetts, Michigan, Missouri, and New York. Blumenthal, who is running for the U.S. Senate, stated: “Google needs to describe how code that intercepted and collected unencrypted data transmitted over WiFi networks was inserted into its software. . . . We want to know who did this, why and how and when Google discovered it. Another concern is whether the data was accessed in any way by Google and if so when and why.” Blumenthal has sent two letters to Google seeking information.
· Representatives Waxman, Barton, Markey, and Conyers sent letters to Google asking for information about the WiFi data collection. Barton and Markey also sent a letter to FTC Chairman Liebowitz, inquiring whether the FTC was investigating the matter.
· Two German DPAs have filed charges and several others are investigating.
· Other countries around the world, including Austria, France, Italy, Spain, Canada, Australia, New Zealand and Malaysia, have announced investigations.
· Several European countries, including the Denmark, Ireland, and the U.K., required Google to destroy the data collected from those nations.
· Google recently signed an agreement with the DPA in Hong Kong, in which Google agreed to cease collection of data from WiFi networks in Hong Kong and to preserve the data that has been collected until directed to destroy it by the Hong Kong DPA.
And Google, for its part, has sidelined the Street View cars. At least for now, no data collection will prevail over too much.