After almost a decade in court, Google has decided to settle a lawsuit that accused the company of privacy breaches for collecting people’s personal data without their consent through its Street View program (between 2007 and 2010). The settlement will require the company to pay out US$13 million as compensation and also mandates that all collected data be destroyed.
The Street View case
Between January 1, 2007, and May 25, 2010, Google’s Street View program deployed cars in different cities across the world in a bid to collect data for its map service. However, the cars also ended up collecting private data from unencrypted Wi-Fi networks. After a German data protection group asked Google permission to audit data collected by the cars, the company came forward to reveal that the privacy of individuals was compromised, claiming that it was a “mistake.”
“Quite simply, it was a mistake. In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software — although the project leaders did not want, and had no intention of using, payload data,” the company explained in a blog.
Around 600 GB of personal data was collected by Google during the period. The data included information about user passwords, emails, medical listings, a record of pornography sites visited by a user, online dating records, and so on. Regulators in Germany, Australia, Canada, and other countries spoke out against the company’s actions, demanding strict legal action. In South Korea, police raided Google offices. In 2012, the U.S. Federal Communications Commission (FCC) conducted an investigation into the matter and concluded that Google was liable for privacy breaches.
“The purpose of Google’s Wi-Fi data collection initiative was to capture information about Wi-Fi networks that the company could use to help establish users’ locations and provide location-based services… But Google also collected ‘payload’ data — the content of Internet communications — that was not needed for its location database project,” the FCC said in the report (The Register).
About 22 plaintiffs who filed the lawsuit will now receive monetary compensation from Google, provided that it is approved by the judge who is expected to make a final decision in September. Of the $13 million settlement, only US$3 million will go to the plaintiffs. The remaining amount will be distributed among eight privacy and consumer protection organizations.
A new lawsuit
Google has been hit with a new lawsuit, yet again with regard to the privacy breach. This time, a group of Californians sued the company alleging that their voice conversations were recorded without consent when using products like Google Assistant and Google Home devices. The victims claim that Google’s actions violate California’s wiretap laws.
“California’s privacy laws recognize the unique privacy interest implicated by the recording of someone’s voice… That privacy interest has been heightened by companies exploiting consumers’ private data,” the lawyers representing the aggrieved parties say in the complaint (Media Post).
According to the victims, Google recorded conversations even on occasions when they did not utter the “hot word” (a specific word that triggers Google services to start recording). The plaintiffs are demanding that the court instructs Google to delete all recordings of the victims as well as make the company pay statutory, nominal, and punitive damages.