Woops, Google's Street View cars collected email passwords and more "sensitive data"

I’ve been known to give Facebook a hard time over its lax security and disregard for user privacy but, frankly, Google’s doing a pretty good job at keeping up.

Not to be outdone by the social networking site, the search giant has already got into hot water for the overzealous nature by which it collected WiFi data when driving around towns in 30 countries creating its Google Maps Street View.

As we reported at the time, Street View cars had been “mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks” since 2006, although we didn’t see it as a major privacy issue, stating that it wasn’t likely that Google grabbed enough data about many individuals to make it a real concern. Google, of course, said pretty much the same thing.

Now it seems that they (and we) were wrong.

The BBC is reporting that the French data protection agency CNIL, having begun looking into the exact data that Google’s Street View cars captured, has found that the “sensitive data” included email passwords and “data that are normally covered by… banking and medical privacy rules”.

That is, potentially, pretty sensitive stuff, although there is no evidence that said data has been used maliciously.

The French authorities are still investigating and hope to come to a decision by September as to whether to prosecute for breach of privacy. Other options include handing down a warning or issuing a fine.

Google says it’s co-operating with the French authorities and others around the world, and that ultimately it wants to delete the data and move on.

“We have reached out to the data protection authorities in the relevant countries, and are working with them to answer any questions they have,” a Google spokesperson is quoted by the BBC.

“Our ultimate objective is to delete the data consistent with our legal obligations and in consultation with the appropriate authorities.”