In 2010, Google came under considerable fire for its Street View product, where the online services giant photographed homes and other buildings in numerous countries as part of its online mapping service, as individuals said the photos invaded their privacy. Then, in 2010, Google announced that, for more than three years — in more than 30 countries — it had been “mistakenly collecting” personal data from open WiFi networks as its vehicles roamed the streets taking photos for its Street View mapping service. Later, the company admitted the data collected — without individuals’ knowledge or consent — included entire e-mails and passwords. And it was revealed that “Google also recorded the street addresses and unique identifiers of computers and other devices using those wireless networks and then made the data available through Google.com.”

The online services giant faced questions from states, and Google reached a settlement with Connecticut over the data collection. There were international investigations, and Google faced inquiries by U.S. agencies, including the Federal Trade Commission and the Federal Communications Commission. In October 2010, the Federal Trade Commission announced that (pdf) it had closed an investigation into possible privacy breaches by Google’s Street View after the company pledged to stop gathering consumers’ e-mail, passwords and other personal data.

Now, the FCC has decided (agency pdf; archive pdf) that it will not take enforcement action against the company over this data collection and retention (more on that below). But, the agency will fine Google for impeding the agency’s investigation into the private data collected and retained via its Street View product. In its “Notice of Apparent Liability for Forfeiture,” the FCC says:

Read more »

CBC reports that British Columbia Information and Privacy Commissioner Elizabeth Denham wants businesses to be required to report data security breaches:

In an interview with CBC News, Denman said the province needs to amend its Personal Information Protection Act. Her office has been calling for the change since 2008, but she fears B.C. will be left behind other jurisdictions if the government waits much longer. [...]

“I think it should be in law. I think the impact of that will be that individuals will know when there’s been a significant breach affecting them, and secondly there will be more investment in the security of personal information if there’s a mandatory requirement in law.”

Denham says the breaching of private information is reaching “epidemic” proportion in B.C. Read more »

NPR takes a look at the move toward “Do Not Track” proposals, which would allow consumers to restrict the data gathered by Web sites and marketers on the consumers’ online browsing or purchases.

Government regulators in the U.S. and Europe are putting pressure on the online advertising industry to adopt a new Web browser option called “do not track.” The option is designed to let people request more privacy from the websites they visit. [...]

Some browsers, like Internet Explorer, Safari and Firefox, already come with a “do not track” button. Other browsers are expected to add the feature soon.

Jonathan Mayer, a Stanford graduate student specializing in computer science and law, has helped to popularize the concept. He says more than 10 million Internet users are already using the option. It sends a signal to websites and online advertisers that a user does not want his or her browsing behavior tracked. Read more »

In January, Google announced changes in its privacy policies that would affect users of its services, such as search, Gmail, Google+ and YouTube. Advocates and legislators questioned the changes, saying that there were privacy issues, and criticized (pdf) the Internet services giant for not including an opt-out provision. The critics included 36 U.S. state attorneys general, who wrote to (pdf) Google raising privacy and security questions about the announced privacy policy changes. The EU’s Article 29 Data Protection Working Party wrote to (pdf) Google about the privacy policy changes, which affect 60 Google services. The Working Party, which includes data protection authorities from all 27 European Union member states as well as the European Data Protection Supervisor, asked Google to halt implementation of these changes while the data protection authority in France (the National Commission for Computing and Civil Liberties, CNIL) investigates. Google refused and its new privacy policies went into effect in March.

Last month, CNIL sent Google a lengthy questionnaire (CNIL pdf; archive pdf) about the privacy policy changes. The questionnaire “aims at clarifying the consequences of this new policy for Google’s users, whether they have a Google Account, are non authenticated users, or are passive users of Google’s services on other websites (advertising, analytics, etc.),” CNIL says.

Now, Google has partially responded in a letter (pdf) to CNIL officials. The letter, from Google Global Privacy Counsel Peter Fleischer, addresses about a third of the questions asked by CNIL and the online services giant says it will answer the rest of the questions “as soon as complete.” In the letter, Fleischer response to the Working Party’s request for Google to halt its implementation of the new privacy policy changes while CNIL investigates: Read more »

Jennifer Stoddart, the Privacy Commissioner of Canada, announced in a news release the findings of three complaint investigations against social-networking site Facebook.

Facebook has shown greater awareness of users privacy rights, but still needs to do a better job of considering privacy issues before rolling out new features, Privacy Commissioner of Canada (OPC) Jennifer Stoddart said today in announcing the findings of three complaint investigations involving the popular social networking site. [...]

The Office has concluded investigations of Facebook related to the following issues:

• Friend suggestions: Upon receiving emails to join the site including friend suggestions depicting Facebook members they indeed knew, some non-members alleged Facebook must have accessed their email address books without consent. Our investigation found no evidence of this, but did find that Facebook had used their email addresses to generate friend suggestions without proper knowledge and consent. During the investigation, Facebook addressed our concerns, and the complaints were deemed to be well-founded and resolved.

Read more »

In a column at the Washington Post, Dana Milbank looks at the spread of “Big Brother”-type surveillance technology from military use to everyday watching of spouses or others:

You can find just about anything at the annual homeland security expo: X-ray machines, infrared cameras, a police cruiser with heat-sensing capability, a hovering “gyroplane” — and a GPS device that can spy on your spouse.

The salesman for Blackline GPS Corp., maker of “professional grade covert tracking” equipment, explained that his devices, in the shape of a legal envelope ($700) or an electric razor ($300), can be tucked behind seat cushions, under floor mats or into backpacks.

“We’re getting more requests from husbands and wives,” he explained. “I’ve seen guys throw it in their wives’ car and cover it with a hat. It keeps honest people honest.” Read more »