Google is likely to face more privacy-related challenges on the heels of news today that the company’s Street View vehicles have collected more than just the location of WiFi access points.
According to a CNET article today, Google collected those WiFi access points along with the location of client devices including mobile phones and desktop computers.
The cars were supposed to collect the locations of Wi-Fi access points. But Google also recorded the street addresses and unique identifiers of computers and other devices using those wireless networks and then made the data publicly available through Google.com until a few weeks ago.
The French data protection authority, known as the Commission Nationale de l’Informatique et des Libertés (CNIL) recently contacted CNET and said its investigation confirmed that Street View cars collected these unique hardware IDs.
Of the dozens of countries that have (or still are) investigated Google’s WiFi data collection, France is the only one to issue a fine. In the US, the FTC closed its inquiry without penalties last year.
But those investigations apparently focused only on the data transferred via access points and made no mention of the collection of device locations. It seems likely that privacy watchers and government officials will call for further investigations based on this latest development.
Google declined to comment to CNET for their report.
Postscript: After our article was published, a Google spokesperson contacted us to share a statement that has also been shared with CNET:
Location-based services provide tremendous value to consumers and the economy. In order to provide these location services, Google and many other companies detect nearby, publicly available signals from Wi-Fi access points and cell towers and use this data to quickly approximate a rough position. This can be done by using information that is publicly broadcast, including that list of Wi-Fi access points you see when you use the “join network” option on your computer and the access point’s MAC address.
We collect the publicly broadcast MAC addresses of Wi-Fi access points. If a user has enabled wireless tethering on a mobile device, that device becomes a Wi-Fi access point, so the MAC address of such an access point may also be included in the database. Wi-Fi access points that move frequently are not useful for our location database, and we take various steps to try to discard them.