A couple years ago, Google came under considerable fire for its Street View product, where the online services giant photographed homes and other buildings in numerous countries as part of its online mapping service, as individuals said the photos invaded their privacy. Then, last year, Google announced that, for more than three years — in more than 30 countries — it had been “mistakenly collecting” personal data from open WiFi networks as its vehicles roamed the streets taking photos for its Street View mapping service. Later, the company admitted the data collected — without individuals’ knowledge or consent — did include entire e-mails and passwords. The online services giant faced questions from states, and Google reached a settlement with Connecticut over the data collection. There were international investigations and investigations by US federal agencies, as well.
Now, CNet reports more news about Google Street View concerning individuals’ privacy:
Google’s Street View cars collected the locations of millions of laptops, cell phones, and other Wi-Fi devices around the world, a practice that raises novel privacy concerns, CNET has confirmed.
The cars were supposed to collect the locations of Wi-Fi access points. But Google also recorded the street addresses and unique identifiers of computers and other devices using those wireless networks and then made the data publicly available through Google.com until a few weeks ago.
The French data protection authority, known as the Commission Nationale de l’Informatique et des Libertés (CNIL) recently contacted CNET and said its investigation confirmed that Street View cars collected these unique hardware IDs. In March, CNIL’s probe resulted in a fine of 100,000 euros, about $143,000. […]
A previous CNET article, published June 15 and triggered by the research of security consultant Ashkan Soltani, was the first to report that Google made these unique hardware IDs–called MAC addresses–publicly available through a Web interface. Google curbed the practice about a week later.
But it was unclear at the time whether Google’s location database included the hardware IDs of only access points and wireless routers or client devices, such as computers and mobile phones, as well. […]
Google declined repeated requests for comment for this article over a period of more than a week. In a statement last month, the search company said only that “we collect the publicly broadcast MAC addresses of Wi-Fi access points,” which addressed only current and not past practices.