The re-opening of the Information Commissioner Office’s (ICO) investigation into Google Street View’s data collection practices will mean further instruction for Bristows.
The firm has declined to comment on the live matter, but with the ICO asking seven questions of the internet search engine, IT partner Mark Watts and his TMT team is understood to be advising, having overseen the original probe.
Bristows was called in by Google’s in-house lawyers to manage the global response to claims that Street View cars had illegally collected personal data from insecure home internet networks data including emails, URLs, and passwords.
As Google was investigated by privacy watchdogs, data protection authorities, regulators, prosecutors and even law enforcement agencies in various continents, other international firms such as Bird & Bird in France and Baker & McKenzie in Hungary were hired by Google’s in-house team, with Bristows bringing the European response together from its London office (11 June 2012).
In the UK, the ICO was invited to look at pre-prepared samples of the data in order to be reassured that it was not deliberate or sensitive. On that basis, the investigation was wound down in most countries.
But last Wednesday (13 June), the ICO wrote to Google’s senior vice president Alan Eustace and Google France’s global privacy counsel Peter Fleisher. It said that, following the US Federal Communications Commission probe into the same breach that found the software was deliberately written to collect payload data, it had reviewed its findings.
The letter said: “It therefore seems likely that such information was deliberately captured during the Google Street View operations conducted in the UK. However, during the course of our investigation we were specifically told by Google that it was a simple mistake and if the data was collected deliberately then it is clear that this is a different situation than was reported to us in April 2010.”
The IOC has asked Google seven questions including a precise list of what personal and sensitive data was collected, at what point UK management was aware and when did it stop, why data was not included in the sample prepared for the ICO by Google, copies of senior managerial decisions and privacy concerns and details of what measures were taken to prevent data protection breaches.
A Google spokesman said: “We’re happy to answer the ICO’s questions. We’ve always said that the project leaders did not want and did not use this payload data. Indeed, they never even looked at it.”