In a surprise turn of events, Google has written today to the UK data protection authority (the “ICO”) and other regulators around the world stating that it still possesses some of the payload data collected by its Street View vehicles in 2010. This follows the ICO re-opening its probe into Google’s Street View activity last
The Northern District of California issued two key rulings last week in denying in part a motion to dismiss in In re Google Inc. Street View Electronic Communications Litigation, a consolidated action arising out of Google’s acknowledged interception of “payload data,” including emails, usernames, password, and other private data, from unencrypted home wireless networks using technology installed on Google’s Street View vehicles.
First, in a matter of first impression Judge Ware rejected Google’s argument that its interception of Wi-Fi communications content was not restricted by the Wiretap Act (Title 1 of the Electronic Communications Privacy Act or ECPA), due to a “readily accessible to the general public” exception contained in the statute. Instead, the court held that this exception applies only to communications using traditional radio broadcast technology. Significantly, Judge Ware distinguished Wi-Fi technology from traditional radio services, which presumptively are intended to be public, instead likening Wi-Fi to cellular technology, in that both are designed to send communications privately. The court also held that plaintiffs’ Wiretap Act claim was plausibly pleaded, meaning that the litigation will continue beyond Google’s motion to dismiss.
The recent decision of the Swiss Federal Tribunal (EDÖB v Google, Trib. Admin. Fed.) against Google Street View has raised new and important questions for many industries, not least for other enterprises that use photography of individuals in countries subject to data protection laws based on the EU model.
In the Google case, the Swiss Court reaffirmed the EU Working Party 29 position that images of people constituted “personal data” because they made individuals distinct and identifiable, and that consequently data protection laws applied. Given the provisions of these laws, the court chided Google for improperly collecting Street View data originally and then subsequently failing to fully anonymize this data before publication. Although the court acknowledged that Google had blurred “up to 95% of faces and license plates” photographed, this remained insufficient. Even when blurred, photos of individuals near “sensitive places” (such as women’s shelters) remained a serious concern for the court.
European views on privacy have, in the past, run headlong into journalistic efforts. Those watching the development of European privacy law under Article 8 of the European Convention will recall the result in a case brought by Princess Caroline of Monaco, who won a landmark ruling in 2004 preventing the German press from publishing photographs of her and her children while in public places — photographs that would be entirely permissible under the laws of the United States and many other countries. But the Swiss case does not appear to add new burdens for journalists.
Google has moved to dismiss a conslidated class action complaint alleging that it violated the federal Wiretap Act, among other laws, by allowing its Street View cars to collect the contents of communications transmitted over unsecured WiFi networks. The motion was filed in the Northern District of California, where more than a dozen suits arising out of the Street View activity were…