Google Street View data investigation reopened

Google agreed to delete all the information that had been collected in November 2010, telling the Information Commissioner's Office (ICO) that the data had been gathered as a result of a simple mistake.

But the ICO has now reopened its investigation following a report by a US watchdog which found emails, passwords and other information had been collected from millions of unknowing internet users through software deliberately written by an engineer.

Steve Eckersley, the ICO's head of enforcement, wrote to Alan Eustace, Google's senior vice president, yesterday, telling him the ICO's investigation has been reopened and asking for further information.

The move followed a report by the Federal Communications Commission in the US which found in April that an engineer, engineer Doe, deliberately wrote the software to capture the information in 2006 and shared his work on the Street View project with the entire team in October of that year.

The long list of data collected by the cars included information relating to online dating sites, visits to pornographic sites, and data in video and audio files, Mr Eckersley said.

Medical listings, legal infractions, and complete email messages were also collected, with email headings, IP addresses, full names, usernames, passwords and telephone numbers.

"It therefore seems likely that such information was deliberately captured by GSV (Google Street View) operations conducted in the UK," Mr Eckersley wrote.

He added that during the ICO's original investigation, the watchdog was "specifically told by Google that it was a simple mistake".

The watchdog called for Google to provide details on what data was collected in the UK, when Google managers were aware it was happening, and why this type of data was not included in the sample of information provided to the ICO during its original investigation.

It also called for Google to provide investigators with copies of the original software design document and what measures were introduced to prevent breaches of the Data Protection Act 1998.

PA