Oct. 27, 2010. The Federal Trade Commission today posted a letter to Google’s counsel announcing that it is ending its inquiry into Google’s collection of information sent over unsecured wireless networks. The inquiry began after Google revealed in May 2010 that its Street View cars had been collecting more than just WiFi location information such as SSID information and MAC addresses. Instead, Google had also been capturing “payload” data sent over unsecured wireless networks. The May announcement came after the data protection authority in Hamburg, Germany, requested an audit of the Street View data.
Google’s May revelation generated a flurry of media attention (e.g. from the Wall Street Journal and New York Times), and regulatory investigations in the United States, Germany, Canada, Australia, the U.K., South Korea, and elsewhere. Several class-action lawsuits also resulted.
Last week, on October 22, 2010 Google announced on its U.S. website that it has taken steps to improve its privacy practices, including appointing a new director of privacy to oversee both the engineering and product management groups, enhancing its privacy training, and implementing new internal privacy compliance practices. This announcement, together with Google’s promise to delete the payload data as soon as possible, and assurance that it will not use the data in any product or service, appears to have appeased the FTC. The FTC’s letter did not contain any determination about whether Google’s actions did or did not breach any data privacy laws, nor did it require any remedial action or fines. Australia, in contrast, had concluded in June that Google violated Australia’s privacy laws, and required Google to publicly apologize, to conduct a Privacy Impact Assessment, and regularly consult with the Australian office about data collection.
Google also acknowledged that – contrary to its earlier postings – “in some instances entire emails and URLs were captured, as well as passwords.” While Google’s October 22 posting satisfied the FTC, this revelation caused the U.K. to announce that is re-opening its investigation into Google’s privacy practices. The U.K. had closed its investigation in July after reviewing sample payload data, concluding that personal data, emails and passwords were not collected.