[JURIST] The UK Information Commissioner’s Office (ICO) [official website] announced Saturday that it will re-open an investigation into Google [corporate website; JURIST news archive] after the company announced [text] that privacy breaches earlier this year were more serious than originally reported. The UK Metropolitan Police [official website] launched an investigation [JURIST report] in June into whether Google violated privacy laws after the company inadvertently collected data on unsecured wireless networks while photographing streetscapes for its Street View maps program. The investigation began after an advocacy group complained that the interception of unencrypted data was not inadvertent [JURIST report]. The initial investigation revealed no wrongdoing, but the ICO has announced that it will re-examine data samples [Guardian report] in light of Google’s recent announcement that entire URLs, emails and passwords were captured in some instances. The ICO has the authority to impose a fine of up to 500,000 pounds for breaches of privacy, but such a fine has yet to be issued under the six-month-old law. The ICO indicated that it will demand information [The Independent report] from Google before deciding whether to fine the company. Alan Eustace, Google’s Senior Vice President of Engineering and Research, apologized on the company’s blog and stated that the company “did not know for sure” what information it had collected when it made the May announcement. Google also indicated that the company will undergo structural changes to prevent the recurrence of such problems.
Multiple countries have launched investigations into Google’s privacy breach over inadvertent data collection from Street View vehicles, including Canada, Australia and the US [JURIST reports] and the UK conducted investigations to determine if the breach and Google’s practices violated privacy laws]. Earlier this month, Canadian Privacy Commissioner Jennifer Stoddart announced that Google was in violation [JURIST report] of the country’s Personal Information Protection and Electronic Documents Act [text, PDF] (PIPEDA). In July, the Australian Privacy Commissioner announced [JURIST report] that its investigation revealed Google’s actions violated the Australia Privacy Act [government backgrounder]. In response to these findings, Google issued an apology on its official Australian blog [text], and agreed to conduct a privacy impact assessment on any new Street View data collection activities in Australia and regularly consult with the privacy commissioner about personal data collection activities arising from significant product launches. Spain announced in August that it was launching an investigation [JURIST report] into potential privacy law violations. Also in August, the South Korean National Police Agency (SKNPA) [official website, in Korean] raided the Google South Korean headquarters [JURIST report] in connection with accusations that the company had been illegally acquiring user data.