Google’s collection of unencrypted data obtained from wireless networks in its Google’s Street View project did not violate Section 705(a) Communications Act that prohibits the unauthorized interception (and either use) of radio communications.
The U.S. Federal Communications Commission (FCC) handed down this judgement with a Notice of Apparent Liability released on 16th April 2012.
The case at hand of the FCC concerned the activities carried out by Google in its Street View Project. Such project involved the creation of 360 degree maps of towns and cities viewable by users of Google Maps and Google Earth. To achieve such result Google sent hundreds of cars equipped with cameras in order to take 360 degree pictures of structures and land bordering roads and highways.
In last years, the aforementioned cars were able to capture also Wi-Fi data which combined with GPS information could be used to map, for example, businesses near user’s location.
In 2010, in response to investigations carried out by European Authorities, Google admitted that such Wi-Fi data included contents of email, text messages and other personal data and in October 2010, Google also admitted that the collected content included entire emails, passwords and so on.
Subsequently, in November 2010, the FCC sent Google a Letter of Inquiry (LOI) requesting information about the Wi-Fi data collections to determine whether such collection might constitute violation of Section 705(a) of the U.S. Communications Act which, as previously said, prohibits unauthorized interception of radio communications.
However, with the aforementioned Notice of Apparent Liability, the FCC did not consider as unlawful the activities performed by Google. In particular, the FCC found that Google collected data from unencrypted or open wireless only and declared lawful such data collection on the basis of relevant provisions of Federal Wiretap Act which exempts as lawful the unauthorized interception of any electronic communication that is readily accessible to the general public (that is to say, communications that is not scrambled or encrypted).
Moreover, the FCC also found that Google has collected encrypted data sent through such “open networks” but there was no evidence that Google did anything with such data, because it was not possible to interview Google’s key employee (and for that reason, the FCC proposed a $ 25,000 fine for Google’s missing cooperation).
In Italy, instead, the Italian Data Protection Autority was of the opposite opinion. In fact, the Autority, in its ruling of 9th September 2010, ordered Google to block data processing with the “capturing” of communications on Wi-Fi networks and lodged a report with judicial authorities.
First of all, the Autorithy adfirmed that some of the collected data could be considered as personal data and as a result, provisions of Italian Data Protection Code must be applied (in particular section 11 of the Code which provides that any personal data must be processed lawfully and fairly and collected and stored for specific, explicit, and legitimate purposes).
Secondly, Google’s activity was considered to probably be in breach of section 617-quarter and 617-quinquies of the Criminal Code which prohibit fraudulent interception of electronic communications and installation of equipment that is suitable for performing such interception.
As a result, the Authority ordered Google to block any processing of the collected data pursuant to section 11(2) of the Code which provides that any personal data that is processed in breach of the relevant data protection provisions may not be used.
Furthermore, it ordered Google not to delete such payload data, since they might serve as proof in eventual criminal proceedings.
In France, the “Commission nationale de l’informatique et des libertès” in its decision no. 2011-035 (http://www.cnil.fr/fileadmin/documents/La_CNIL/actualite/D2011-035.pdf) has ordred Google to pay an administrative fine of 100,000 Euro for failure to comply with its requests. In particular, the Commission ordered Google to destroy data identifying access points of individual users which were at the basis of Geolocalization services offered by the U.S. company but Google refused to destroy such data.
In conclusion, the Google’s collection of such personal data during the Street View Project has revealed some relevant differences in data protection legislation among different Countries which is not justifiable in the light of the borderless of actual Information society.
La U.S. Federal Communications Commission (FCC) ha così statuito in una propria Notice of Apparent Liability del 16 Aprile 2012.
