Google must return wifi data: Privacy lobby

James Riley
Thursday, 04 November 2010 14:02

IT Policy - Regulation

The Australian Privacy Foundation is still seeking confirmation that the personal information of local citizens collected by Google Australia through its StreetView cars is being stored in Australia.

The organisation says if the personal data - including whole emails, bank account details and passwords - has been moved offshore it should be returned to Australia immediately.

But having written to all parties involved last May - Google Australia, the Office of the Australian Privacy Commissioner, the Attorney General's department and the Australian Federal Police - the APF has yet to be formally told whether the payload data will be kept, or where it is currently stored.

Google Australia said as recently as last week at a Senate committee hearing on online privacy that it wanted to delete the payload data as soon as possible.

But APF chair Roger Clarke says the data should be kept for as long as it took for Australians to be given an adequate explanation of the extent of the privacy breach. It is believed to the worst single corporate breach of privacy in Australia in the nation's history.

The APF has been deeply unhappy with the Privacy Commissioner's handling of the issue. Clarke says it has yet to receive a written reply from the commissioner - or the Federal Police - on its request last May that urgent action be taken to stop Google Australia deleting the payload data.

Google admitted in May that it had collected "payload data" - including whole emails, bank account details and passwords of Australians - through its StreetView cars as it collected data about WiFi networks throughout the country.

The company says the payload data - potentially from millions of Australian households - was collected inadvertently and that it never intended to use the data for any purpose. It has subsequently apologised for the "mistake."

The company admitted it had collected personal information across the world in markets where its StreetView cars were in operation. The breach has been under investigation in various jurisdictions ever since.

The privacy foundation's Clarke says he is concerned about statements to the media last June by assistant privacy commission Mark Hummerston that Google Australia may be ordered to destroy the payload data.

The foundation says Australians have a right to more precise information about what personal information was collected through the unauthorised actions of Google Australia.

Clarke says the Privacy Commissioner's office had been less than transparent in its investigations. The APF has given Google Australia notification that it may take legal action over the issue in future, which ordinarily would be enough to ensure the company was legally bound to keep all relevant data. But Clarke says it has not received any notification from any of the parties that the data had been kept.

Clarke says the foundation had enough money to begin court proceedings against Google Australia under the Telecommunications (Interception and Access) Act 1979 and to run a substantial campaign on the issue. But it is waiting for the Federal Police investigation to run its course first.

"We are not trying to put people in jail," Clarke told iTWire.

"We are trying to get the point made abundantly clear that this company is subject to Australian law and has got to talk to people and consult and understand the law and stop acting arrogantly."