Germany Asks Google to Surrender Private Data

BERLIN — Google came under increased pressure in Europe on Tuesday over its collection of private data from unsecured home wireless networks, as a German regulator threatened legal action if the company did not surrender a hard drive for inspection.

The German demand underscored the seriousness of the quandary Google now faced following its admission last Friday that it had stored the snippets of Web sites and personal e-mail messages from people around the world while compiling its Street View photo archive.

Johannes Caspar, the data protection supervisor for the city-state of Hamburg, where Google’s German headquarters are located, said Tuesday that he had given Google until May 26 to hand over one of the hard drives that it had used to collect and store information in Germany, where Street View is not yet available.

Through a spokesman, Google reiterated its offer to destroy the WLAN data in conjunction with regulators, but stopped short of saying it would hand over a hard drive, which would allow regulators to see for the first time what kind of data had been collected.

Viviane Reding, the European justice commissioner, criticized Google for not cooperating with German privacy officials.

“It is not acceptable that a company operating in the E.U. does not respect E.U. rules,” she said in a statement released by her office.

Mr. Caspar, who is leading the government’s discussions with Google, said during an interview that “Up until now, all we have to go on at this point is what Google has told us that they have collected. But until we can inspect one of the hard drives ourselves, we will not know to what extent what kinds of data have actually been stored.”

Prodded by Mr. Caspar and other officials in Germany, Google last week said it had collected 600 gigabytes of data from unsecured wireless area networks, or WLANS, from around the world as its roving cars compiled a photo archive for Street View.

The admission was sharply criticized in Germany, and came less than two weeks after Google had assured officials that it had stored only two pieces of WLAN data: the unique I.D. number of the device, called a MAC address, and its assigned name.

Google apologized for collecting what it described as fragments of information from unsecured WLANs, saying its actions were inadvertent and the result of a programming error.

A Google spokesman in Hamburg, Kay Oberbeck, said the company had no response to the Hamburg regulator’s request beyond its standing offer to destroy the data collected in Germany in conjunction with regulators. Google said it had destroyed WLAN data during the weekend that had been improperly collected in Ireland, at the request of the regulator.

“We are in contact with the Hamburg regulator, Mr. Caspar,”Mr. Oberbeck said. “Naturally we are interested in destroying the data, in conjunction with the relevant regulators, as soon as possible.”

In a blog posting late Monday, Alan Eustace, a Google senior vice president for engineering and research, wrote that a San Francisco company, Isec Partners, had overseen destruction of the Irish data. In his blog Mr. Eustace included a link to a report from Alex Stamos, the Isec Partners employee who witnessed destruction of the Irish data from the larger batch of WLAN data improperly collected around the world.

In his letter to Google, Mr. Stamos described the WLAN data in question as being contained on four hard drives, organized by individual country. Mr. Stamos said he created volumes on two new encrypted hard drives and copied over all of the data except for Ireland. The original four hard drives were then destroyed, Mr. Stamos wrote.

Google has said its WLAN catalogue was designed to enhance its mobile advertising service, which can alert mobile phone users to nearby businesses and other attractions by often pinpointing their locations through WLANs.

Mr. Caspar said he had not yet received a response from Google. “I would think it would be in their interests too to clarify the matter as quickly as possible,” he said.

Should Google defy the regulator’s request, Mr. Caspar said he had the power to fine the company, and could ask the state prosecutor in Hamburg to evaluate whether to bring charges against Google for improper collection of private data. Mr. Caspar said Hamburg’s data protection law gave him the power to assess fines of up to €300,000, or $369,000.

To ease privacy concerns in Germany, Google has agreed to give property owners the right remove their property from Street View before the service goes live, which was planned for later this year. It is the first time that Google is giving consumers the right to opt out in advance. Current procedures let users request that their property be removed after the service goes live.

In a related development, a law student from western Germany said Tuesday that he had filed a formal complaint with the Hamburg state prosecutor’s office alleging that Google’s WLAN data collection violated German law. Jens Ferner of Alsdorf said he faxed his complaint to the prosecutor’s office on Monday seeking to clarify the legal situation regarding use of open WLANs.

This entry was posted in privacy and tagged , , , . Bookmark the permalink.