"Over the weekend, there was a lot of talk about exactly what information Google Street View cars collect as they drive our streets. While we have talked about the collection of WiFi data a number of times before--and there have been stories published in the press--we thought a refresher FAQ pulling everything together in one place would be useful. This blog also addresses concerns raised by data protection authorities in Germany.
"What information are your cars collecting?
"We collect the following information--photos, local WiFi network data and 3-D building imagery. This information enables us to build new services, and improve existing ones. Many other companies have been collecting data just like this for as long as, if not longer, than Google.
"♦Photos: so that we can build Street View, our 360 degree street level maps. Photos like these are also being taken by TeleAtlas and NavTeq for Bing maps. In addition, we use this imagery to improve the quality of our maps, for example by using shop, street and traffic signs to refine our local business listings and travel directions;
"♦WiFi network information: which we use to improve location-based services like search and maps. Organizations like the German Fraunhofer Institute and Skyhook already collect this information globally;
"♦and 3-D building imagery: we collect 3D geometry data with low power lasers (similar to those used in retail scanners) which help us improve our maps. NavTeq also collects this information in partnership with Bing. As does TeleAtlas.
"What do you mean when you talk about WiFi network information?
"WiFi networks broadcast information that identifies the network and how that network operates. That includes SSID data (i.e. the network name) and MAC address (a unique number given to a device like a WiFi router).
"Networks also send information to other computers that are using the network, called payload data, but Google does not collect or store payload data.*
"But doesn’t this information identify people?
"MAC addresses are a simple hardware ID assigned by the manufacturer. And SSIDs are often just the name of the router manufacturer or ISP with numbers and letters added, though some people do also personalize them. However, we do not collect any information about householders, we cannot identify an individual from the location data Google collects via its Street View cars.
"Is it, as the German DPA states, illegal to collect WiFi network information?
"We do not believe it is illegal--this is all publicly broadcast information which is accessible to anyone with a WiFi-enabled device. Companies like Skyhook have been collecting this data cross Europe for longer than Google, as well as organizations like the German Fraunhofer Institute.
"Why did you not tell the DPAs that you were collecting WiFi network information?
"Given it was unrelated to Street View, that it is accessible to any WiFi-enabled device and that other companies already collect it, we did not think it was necessary. However, it’s clear with hindsight that greater transparency would have been better.
"Why is Google collecting this data?
"The data which we collect is used to improve Google’s location based services, as well as services provided by the Google Geo Location API. For example, users of Google Maps for Mobile can turn on “My Location” to identify their approximate location based on cell towers and WiFi access points which are visible to their device. Similarly, users of sites like Twitter can use location based services to add a geo location to give greater context to their messages.
"Can this data be used by third parties?
"Yes--but the only data which Google discloses to third parties through our Geo Location API is a triangulated geo code, which is an approximate location of the user’s device derived from all location data known about that point. At no point does Google publicly disclose MAC addresses from its database (in contrast with some other providers in Germany and elsewhere).
"Do you publish this information?
"No" (http://googlepolicyeurope.blogspot.com/2010/04/data-collected-by-google-cars.html, accessed 05-23-2012).
On June 9, 2010 Google announced in its Official Blog that it had "mistakenly included code" in its software that collected "samples of payload data" from unencrypted WiFi networks, but not from encrypted WiFI networks. It also announced that in response to requests from the Irish Data Protection Authority it was deleting payload data collected from Irish WiFi networks.