An open letter to EU privacy commissioners regarding deletion of Google WiFi data

18/05/2010

A number of European privacy and data protection regulators have instructed Google to irrevocably destroy all WiFi data collected since 2007 in the course of the company's StreetView project.

Privacy International believes this instruction is based on advice that is ill-informed and irresponsible, as the action may be unlawful. We urge Google to politely ignore these instructions and, instead, securely store the data with a trusted third party pending further investigation.

We have directly put Google on notice that it is likely to be imminently subject to civil or criminal legal action as a result of the WiFi interception.To eliminate the data would constitute destruction of evidence.

Last weekend, on the instructions of the Irish Data Protection Commissioner, Google destroyed all WiFi data relating to collection in Ireland. This action has the effect of removing any chance of further legal action of investigation. The Irish Commissioner was wrong to have issued such an instruction. The action could be seen as collusion to destroy evidence.

We do not blame Google for destroying the data. The company was merely following directions. However the instruction was reprehensible and has the effect of ensuring that people will be unable to enforce their legal rights. The action also eliminates any hope of a full audit.

The UK Information Commissioner's Office has also issued this instruction, again without due regard to the broader question of legal rights and lawful obligations. We urge the Commissioner to immediately rescind the order and allow Google to place the data in secure storage until such time as the legal questions are resolved.

In the absence of a commitment from both Google and the Commissioners to temporarily secure the data Privacy International will seek a prosecution for unlawful interception under the Regulation of Investigatory Powers Act. In those circumstances there would be no question of destroying the data.

We are deeply unsettled by Google's assertion that this situation was caused by a mere "mistake" brought about by accidental use of inappropriate code developed for sniffing the content of WiFi networks. This explanation to us seems entirely implausible. Only a full scale audit will help uncover the facts. Until then, there remain more questions that answers in this disappointing chapter in Google's history.

Until those questions are resolved, the data evidence must be preserved. We are of course aware of the obligations under data protection to destroy data that is unnecessary, but we believe the protection of evidence is based on a higher law that all parties - including Commissioners - must respect.

Related:
UK Police begin investigation into Google Wi-Fi grab
PI responds to Google's Wifi grab