As recently reported by the Washington Post and others, the FTC has ended an inquiry into privacy concerns over Google’s Street View service after Google pledged to stop gathering email, passwords, and other information from residential WiFi networks as its Street View cars creep through neighborhoods with computers on and cameras rolling. For some background on the issue, here is a timeline of related events and announcements:
- 4/27/2010: Peter Fleischer, Google’s global privacy counsel states in a blog entry in Google’s European Public Policy blog that while its Street View cars do collect publicly broadcast SSID information (the WiFi network name) and MAC addresses (the unique number given to a device like a WiFi router), Google does not collect payload data (information sent over the network).
- 5/5/2010: The data protection authority (DPA) in Hamburg, Germany asks Google to audit the WiFi data that Google’s Street View cars collect for use in location-based products like Google Maps for mobile, which enables people to find local restaurants or get directions.
- 5/14/2010: Google states in a blog entry that it has discovered that its statements in the 4/27 blog were inaccurate–specifically, that Google had been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though Google "never used that data in any Google products".
- 9/2010: The Czech Office for Personal Data Protection bans Street View in the Czech Republic after more than half a year of unsuccessful negotiation between the Czech Republic and Google.
- 10/19/2010: Canadian Privacy Commissioner’s investigation reveals “that Google did capture personal information–and, in some cases, highly sensitive personal information such as complete emails.”
- 10/22/2010: Google states, that it is "mortified" over the unintended data collection and admits, "We work hard at Google to earn your trust, and we’re acutely aware that we failed badly here." Google outlines changes and steps it is taking to strengthen privacy controls.
- 10/27/2010: As explained in a letter from the FTC to Google’s attorney, The FTC ends its enquiry into the Google Street View data collection.
- 10/28/2010: IDG News Service reports that Italian prosecutors have opened an investigation into Google for allegedly violating the country’s privacy laws through the data collected for the Internet company’s Street View service.
In the United States, the general rule is that there is no reasonable expectation of privacy in a public place, and is therefore no right of privacy which would prohibit Google or anyone else from taking photographs or videos of public places and the people who happen to be in those locations. Some European countries, however, have laws prohibiting the filming without consent of an individual on public property for the purpose of public display. Further, while many European nations have laws which serve to proactively protect individual privacy and the collection and sharing of personal information, the United States generally addresses such issues with a sector by sector approach, and then allows companies and other data collectors to do with the information what they please so long as the individuals are properly informed of, and agree to, the use in advance. Given these different approaches, it is not surprising that European governments would respond more forcefully to Google’s data collection.
The reasons behind the differences between the U.S. and European approaches to privacy are many, with some potential historical and cultural factors including: European distrust for corporations compared to American distrust of government, European first hand experience with Nazi use of public and church records to identify Jews and others during the Holocaust, American state-based structure of government with limitations on federal powers, preference in American law to honor individual contracts, EU pro-consumer approach compared to American pro-market approach, and the right of privacy having been "read into" the U.S. Constitution as compared to the EU Convention on Human Rights which expressly addresses and sets forth a right to privacy (in Article 8). With information collection and sharing growing increasingly global in reach, the differences between the U.S. and European approaches to privacy will undoubtedly continue to result in criminal and civil investigations into the collection, storage, and distribution of private information.