Skip to main content
Skip to secondary navigation
Menu
Australian Government - Office of the Australian Information Commissioner - Home

Google Street View Wi-Fi Collection

Office of the Australian Information Commissioner letter to Google

19 June 2013

Our reference: 12/000215-04

Mr Iarla Flynn
Head of Public Policy and Government Affairs Australia and New Zealand
Google Inc.
5/48 Pirrawa Rd
PYRMONT NSW 2009

By email: [email redacted]

Dear Mr Flynn

Undertakings in relation to Google Street View Wi-Fi collection

I refer to our previous discussions regarding undertakings between the former Office of the Privacy Commissioner (now part of the Office of the Australian Information Commissioner (OAIC)) and Google, following the investigation into Google’s collection of unsecured Wi-Fi payload data using its Street View vehicles.[1]

Those undertakings commenced in July 2010 for an agreed period of three years and that period will conclude in July 2013. As part of the undertakings, Google agreed to:

  • publish an apology to Australians for the collection of unsecured Wi-Fi payload data
  • conduct and provide to the OAIC a Privacy Impact Assessment (PIA) on any new Street View data collection activities in Australia
  • regularly consult with the Australian Privacy Commissioner about personal data collection activities in Australia that include personal information.

The first two elements of the undertakings were completed by March 2011. Google published the apology mentioned above on the Google Australia blog on 9 July 2010.[2] Further, Google provided the OAIC with a copy of a Street View PIA in October 2010, and with additional information in response to questions from the OAIC in February and March 2011.

The regular consultation that was also part of the undertakings took the form of monthly updates provided by Google to the OAIC, and ad hoc meetings regarding new Google products, services and initiatives with privacy ramifications.

The OAIC has found the collaborative nature of its working relationship with Google over the past three years to be helpful. However, the OAIC considers that the monthly product updates are no longer required. Instead, we suggest that, from July 2013, the OAIC and Google instead agree to hold regular meetings twice a year (every six months) to discuss personal data collection activities in Australia, with the potential for ad hoc meetings in the event that significant privacy issues arise.

I encourage Google to be proactive in informing the OAIC about issues impacting on personal privacy. The OAIC will also raise with Google any issues that we become aware of.

The Street View undertakings provided an opportunity for useful exchange of information between the OAIC and Google, and assisted in developing the relationship between our offices. I look forward to continuing to work with Google regarding measures to protect personal privacy in Australia.

Consistent with the OAIC’s usual practices, this letter will be published on our website. Google’s response, if any, will be published on receipt.

Yours sincerely

[signature redacted]

Timothy Pilgrim
Australian Privacy Commissioner
19 June 2013


Footnotes

[1] As announced on 9 July 2010 and available at www.oaic.gov.au/news-and-events/statements/privacy-statements/australian-privacy-commissioner-obtains-privacy-undertakings-from-google.

[2]  Official Google Australia Blog: We're sorry.

Back to Contents

Correspondence — Stroz Friedberg second letter to Google

19 November 2012

32 Avenue of the Americas, 4th Floor, New York, NY 10013
Tel: 212.981.6540 Fax: 212.981.6545 www.strozfriedberg.com

VIA ELECTRONIC MAIL

Alan Eustace
Senior VP, Engineering & Research
Google, Inc.
1600 Amphitheatre Parkway
Mountain View, California 94043

Re: Google Street View

Dear Mr. Eustace:

This letter is to inform you that, pursuant to the request of the Office of the Privacy Commissioner of the Australian Government, and at the direction of Wilson Sonsini Goodrich & Rosati, on October 11, 2012, Stroz Friedberg, LLC verified the irretrievable destruction of all data, including all 802.11 wireless Data Frames, from two hard drives that were identified by Google as having been used in Australia by Google Street View vehicles running the gstumbler program.

The two hard drives were maintained at Google's Data Centre in Lenoir, North Carolina. On October 11, 2012 at Google's Lenoir Data Centre, Stroz Friedberg verified that Google personnel deleted irretrievably all data from the hard drives by overwriting each hard drive in its entirety.

After performing and documenting the above, Stroz Friedberg personnel observed the physical destruction of the two hard drives to ensure that they could not be used in the future.

Very truly yours,

STROZ FRIEDBERG, LLC

By: [signed]

John F. Curran
Executive Managing Director

Back to Contents

Statement: Additional disks located — Australian Privacy Commissioner, Timothy Pilgrim

9 October 2012

"I have been contacted by Google to advise that they have identified two additional disks used for the collection of Street View data in Australia. These disks were found as a result of Google undertaking an inventory of its Street View data at my request to determine whether any further disks containing this data were in existence.

The disks contained data that Google collected from unsecured WiFi networks in Australia.  In May 2010, our office opened an investigation under the Privacy Act into this matter. In response to this investigation, Google provided a number of written undertakings and the investigation was closed.

I was then notified in July 2012 that Google still had in its possession a portion of the data collected. Following this notification, I requested that Google destroy the identified disks and have an independent third party confirm the data destruction which I received on 9 August 2012. I also asked them to conduct an audit to ensure there were no remaining disks containing this data and advise me of the outcome of this audit.

Google has now informed me it has discovered two remaining disks, while completing the requested audit. The first disk was used exclusively in Australia and the second disk was used in both Australia and New Zealand. I have been advised that the disks were securely housed.

I have informed Google that it should immediately destroy this data, unless there is a lawful purpose for its retention. Once this has occurred I have asked Google to again confirm via an independent third party that the data has been destroyed.

I remain concerned that this data still exists given that Google previously confirmed that all data relating to this issue had been destroyed. I have advised Google that it is important that there is no further Street View Wi-Fi data in Google's possession requiring destruction. I have asked Google for further information about their audit process to allow me to better understand the steps taken during the review of their disk inventory.

I remind all organisations that they have a responsibility to protect customer privacy and securely store the data that they hold. Personal information that is no longer being used or is out of date should be destroyed or permanently deidentified."

End statement.

Postscript: Google has provided a letter from Stroz Friedberg, dated 19 November 2012, verifying the destruction of the data referred to above.

Back to Contents

Correspondence — Letter to Google

(by emailed letter 9 October 2012)

Our reference: C13906

Mr Iarla Flynn
Head of Public Policy and Government Affairs
Google Australia Pty Ltd
Level 5, 48 Pirrama Road
PYRMONT  NSW  2009

Dear Mr Flynn

Google Street View Wi-Fi Collection

I refer to Google's recent correspondence and discussions, advising me that Google has identified another Street View disk potentially containing Australian payload data collected by Google's Street View vehicles. In addition, Google has also identified a second disk, which it believes may also contain both Australian and New Zealand payload data.

These disks were identified as a result of Google undertaking an inventory of its Street View data, in accordance with my request of 6 August 2012 that Google undertake an audit to ensure that no further disks containing this data exist.

The payload data was initially collected by Google from unsecured WiFi networks, in 2010.  In May 2010, the OAIC opened an investigation under section 40(2) of the Privacy Act 1988 (Cth), in response to the issue. This investigation ceased on 9 July 2010, on the understanding that Google would undertake a series of agreed steps.  Google subsequently advised our Office in March 2011 that all payload data collected by Google in relation to this matter had been destroyed.

Google then notified our office in July 2012 that it had identified 21 additional disks containing Australian payload data.  Following this notification, I advised Google that:

  • I did not require Google to retain the additional payload data and, unless there was a lawful purpose for retention, to destroy the information
  • To independently confirm the data destruction through a third party, and
  • To conduct an audit to ensure there were no other disks containing this data, and advise me of the outcome of this audit.

Consequently, Google provided third party confirmation of the destruction of that data in August 2012.  Google has now informed me that it has identified two remaining disks, while completing the requested audit.

As discussed in my letter dated 6 August 2012 and in accordance with Google's obligations under National Privacy Principle (NPP) 4.2, I do not require Google to retain this additional payload data. Further, unless there is a lawful purpose for its retention, Google should immediately destroy the data. Once this has occurred I would again like confirmation from an independent third party that the data has been destroyed.

While I appreciate Google informing me about the further data it has uncovered as part of its review, I remain concerned that this payload data still exists, since Google has now twice confirmed that all data relating to this issue had been destroyed.

It is important that I be satisfied in as conclusive a manner as possible, that there is no further Street View Wi-Fi data in Google's possession requiring destruction. To this end, I would appreciate further information about Google's audit process, to better understand the steps taken as part of its review. I understand that Google has agreed to make available a person with the appropriate expertise, to explain the audit process to us in detail.

I look forward to hearing from you, to arrange a suitable time for this meeting.

Yours sincerely

[signed]

Timothy Pilgrim
Australian Privacy Commissioner

9 October 2012

Back to Contents

Statement — 3rd letter to OAIC

8 October 2012

Mr Timothy Pilgrim
Privacy Commissioner
Office of the Australian Information Commissioner
By Email: [redacted]

Dear Commissioner

Re: Google Street View Wi-Fi Collection

Google Inc. has now completed our comprehensive review of our Street View disk inventory. We can advise that the final stage of this process identified two additional Street View vehicle disks that were used for the collection of data in Australia during the time that Wi-Fi data collection was ongoing. Both disks have always been securely housed in our quarantine cages, but our systems were not able to recognize them as Australian. We apologize for this error.

One of the disks was used exclusively in Australia. We would like to delete this disk and, unless you object, we will proceed with its deletion pursuant to your 6 August 2012 letter.

The other disk was used in both Australia and New Zealand. We would also like to delete this disk and, unless you object, we will proceed with its deletion when we receive approval to do so from the Office of the Privacy Commissioner of New Zealand.

We do not expect to identify any other Australian disks.

Yours respectfully

Google Inc

Back to Contents

Statement — update, Australian Privacy Commissioner, Timothy Pilgrim

10 April 2012

"I wrote to Google on 6 August 2012 advising that I did not require Google to retain the additional WiFi payload data collected from Street View vehicles in Australia, and that the data should be destroyed immediately unless there was a lawful purpose for its retention. I asked Google to confirm that the destruction had taken place via an independent third party.

I have now received advice from Google that this destruction has occurred. I have also received verification of this destruction from the independent third party, Stroz Friedberg — a digital risk management and investigations firm. I also asked Google to undertake an audit to ensure that no other disks containing payload data exist, and to advise me once this audit is completed. Google has advised that it is undertaking this process."

Back to Contents

Correspondence — 2nd letter to OAIC

(by emailed letter 9 August 2012)

Mr Timothy Pilgrim
Privacy Commissioner
Office of the Australian Information Commissioner
By Email: [redacted]

Copy to: Mark Hummerston and Melanie Drayton

Dear Commissioner

Re: Google Street View Wi-Fi Collection

Thank you for your letter of 6 August 2012.

We are writing to confirm that the Street View disks containing payload data collected by our Street View vehicles in Australia, as notified on 27 July 2012, have been destroyed. Enclosed is a letter from independent third party Stroz Friedberg verifying this.

We will be in touch when we have completed the review of our Street View disk inventory.

Yours respectfully

Google Inc

Back to Contents

Correspondence — Stroz Friedberg letter to Google

August 8 2012

32 Avenue of the Americas, 4th Floor, New York, NY 10013
Tel: 212.981.6540 Fax: 212.981.6545 www.strozfriedberg.com

VIA ELECTRONIC MAIL

Alan Eustace
Senior VP, Engineering & Research
Google Inc.
1600 Amphitheatre Parkway
Mountain View, California 94043

Re: Google Street View

Dear Mr. Eustace:

This letter is to inform you that, pursuant to the request of the Office of the Privacy Commissioner of the Australian Government, and at the direction of Wilson Sonsini Goodrich & Rosati, on August 8, 2012, Stroz Friedberg, LLC verified the irretrievable destruction of all data, including all 802.11 wireless Data Frames, from 21 hard drives that were identified by Google as having been used in Australia by Google Street View vehicles running the gstumbler program.

The 21 hard drives were maintained at Google's Data Centre in Lenoir, North Carolina. On August 8, 2012 at Google's Lenoir Data Centre, Stroz Friedberg verified that Google personnel deleted irretrievably all data from 20 of the 21 hard drives by overwriting each hard drive in its entirety. Stroz Friedberg reviewed the remaining hard drive and determined that it exhibited evidence of physical damage and that data on this hard drive could not be accessed for secure deletion.

After performing and documenting the above, Stroz Friedberg personnel observed the physical destruction of the 21 hard drives to ensure that they could not be used in the future.

Very truly yours,

STROZ FRIEDBERG, LLC

By: [signed]

John F. Curran
Executive Managing Director

Back to Contents

Google Street View Wi-Fi Collection — Statement from Australian Privacy Commissioner, Timothy Pilgrim

7 August 2012

Google wrote to the Office of the Australian Information Commissioner (OAIC) on 27 July 2012 to advise that it had in its possession a portion of payload data collected by Google Street View vehicles in Australia. The payload data was collected from unsecured WiFi networks by Google in 2010. The OAIC conducted an investigation into the collection of the payload data under s 40(2) the Privacy Act 1988 (Cth). After that investigation Google advised the OAIC that in March 2011 all payload data was destroyed.

On 6 August 2012, the Privacy Commissioner wrote to Google asking them to destroy this data immediately and confirm that this has taken place via an independent third party. The Commissioner also asked Google to undertake an audit to ensure that no other disks containing this data exist, and to advise him once this audit is completed.

Back to Contents

Google Street View Wi-Fi Collection — letter to Google

(by emailed letter 6 August 2012)

Our reference: C13906

Mr Iarla Flynn
Head of Public Policy and Government Affairs
Google Australia Pty Ltd
Level 5, 48 Pirrama Road
PYRMONT  NSW  2009

Dear Mr Flynn

Google Street View Wi-Fi Collection

I refer to Google's advice, received on 27 July 2012, informing the Office of the Australian Information Commissioner (OAIC) that Google has identified more payload data collected by Google's Street View vehicles in Australia.

The payload data was collected from unsecured WiFi networks by Google in 2010. The OAIC conducted an investigation into the collection of the payload data under s 40(2) the Privacy Act 1988 (Cth). After that investigation Google advised our Office that in March 2011 all payload data was destroyed. I understand from your letter that Google has now discovered additional disks containing payload data. You also advise that Google intends to destroy the additional disks unless I require a different course of action.

National Privacy Principle 4.2 requires that an organisation must take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose for which the information may be used or disclosed under NPP2.

I do not require Google to retain the additional payload data and, unless there is a lawful purpose for its retention, Google should immediately destroy the data. Once this has occurred I would like confirmation from an independent third party that the data has been destroyed.  Further, I would also request that Google undertakes an audit to ensure that no other disks containing this data exist, and to advise me once this audit is completed.

I would add that I am concerned that the existence of these additional disks has come to light, particularly as Google had advised that the data was destroyed. Organisations that retain personal information that is no longer required could leave individuals at risk should it be misused.

I appreciate your advising me of this matter, and look forward to confirmation that the data has been destroyed.

Yours sincerely

[signed]

Timothy Pilgrim
Privacy Commissioner

6 August 2012

Back to Contents

Google Street View Wi-Fi Collection — letter to OAIC

(by emailed letter 27 July 2012)

Mr Timothy Pilgrim
Privacy Commissioner
Office of the Australian Information Commissioner
Copy to: Mark Hummerston and Melanie Drayton

Dear Commissioner

Re: Google Street View Wi-Fi Collection

Google has recently confirmed that it still has in its possession a portion of payload data collected by our Street View vehicles in Australia. Google apologizes for this error.

In recent months, Google has been reviewing its handling of Street View disks and undertaking a comprehensive manual review of our Street View disk inventory. That review involves the physical inspection and re-scanning of thousands of disks. In conducting that review, we have determined that we continue to have payload data from Australia and other countries. We are in the process of notifying the relevant authorities in those countries.

Google intends to delete the Australian disks that we located. If you would prefer that we take another course of action, please advise us by 3rd September 2012 so that we can ensure no steps are taken in that regard without further consultation with you.

Yours respectfully

Google Inc

Back to Contents

Privacy Commissioner will not open new investigation into Google Street View

29 May 2012

"I have decided not to open another investigation into Google Street View. In 2010 the Office found Google in breach of the Privacy Act after it was confirmed that Google collected personal information through unsecured WiFi payload data from its Street View vehicles.

Google accepted this finding and agreed to the following undertakings:

  • Publish an apology to Australians for its collection of unsecured WiFi 'payload' data
  • Conduct a Privacy Impact Assessment on any new Street view data collection activities in Australia and provide these to the office
  • Regularly consult with the Australian Privacy Commissioner about personal data collection activities in Australia that include personal information

I am satisfied that Google has complied with those undertakings and continues to keep our office informed of new developments. In reaching this decision, I have considered the FCC's report and don't consider that a new investigation would reveal any information that would change our original finding. In the case of the 2010 Google investigation, undertakings were agreed between Google and the office as the Privacy Act does not currently allow me to impose any enforceable undertakings. I am pleased that the Government has introduced a Bill into the Parliament to amend the Privacy Act that will, amongst other things, give me access to enforceable remedies for investigations of this type."

Back to Contents

Australian Privacy Commissioner obtains privacy undertakings from Google

9 July 2010

Australian Privacy Commissioner Karen Curtis has concluded her investigation into Google's collection of unsecured WiFi payload data in Australia using Street View vehicles.

Australian Privacy Commissioner Karen Curtis has concluded her investigation into Google's collection of unsecured WiFi payload data in Australia using Street View vehicles.

"On the information available I am satisfied that any collection of personal information would have breached the Australian Privacy Act.

"Collecting personal information in these circumstances is a very serious matter. Australians should reasonably expect that private communications remain private.

"In response to our investigation, Google has provided me with written undertakings that it will:

  • Publish an apology to Australians in Google's official Australian blog (www.google-au.blogspot.com) for its collection of unsecured WiFi 'payload' data.
  • Undertake to conduct a Privacy Impact Assessment (PIA) on any new Street View data collection activities in Australia that include personal information.
  • Provide a copy of these PIAs to my Office.
  • Regularly consult with the Australian Privacy Commissioner about personal data collection activities arising from significant product launches in Australia.

"These steps will ensure Google's future products have privacy protections built in rather than bolted on. Google's undertakings will last for three years. These undertakings will be reviewed following any reforms to the Privacy Act.

"Under the current Privacy Act, I am unable to impose a sanction on an organisation when I have initiated the investigation. My role is to work with the organisation to ensure ongoing compliance and best privacy practice.

"This was an issue identified by the Australian Law Reform Commission (ALRC) inquiry into Australian privacy laws. The ALRC recommended that the enforcement regime be strengthened. My Office supports these recommendations, and the Australian Government has announced its intention to adopt them.

"Other privacy authorities and law enforcement agencies may still be investigating the collection of WiFi 'payload' data by Google. In view of those ongoing investigations I do not propose to comment in more detail.

"I would like to thank my international counterparts in New Zealand, Canada and Hong Kong, who worked with my Office in examining this matter.

"I also acknowledge the cooperation offered by Google throughout my investigation.

"My Office has produced a Guide to assist organisations undertake PIAs. The Guide (PDF) is available at: http://www.privacy.gov.au/materials/types/download/9509/6590.

Back to Contents