There has been a lot of press over the Privacy Commissioner’s decision that the Google Street View collection of information from unprotected wifi signals breached PIPEDA. See the press release, and the decision. See examples of press reports by the CBC and CTV. The CTV report says that Spanish regulators announced they were filing a lawsuit against Google for the incident, seeking millions in fines.
I know nothing more about this than I read in the press – but I think we need to put Google’s actions in perspective here. Yes, it should not have collected that data. And yes, PIPEDA and the privacy laws of other counties were violated. And yes, it should take steps to ensure something like this won’t happen again.
But when Google realized what it had done, it immediately stopped collecting it, isolated the information, saved it for the sole purpose of allowing investigators to look at it with a promise to destroy it once that was done, alerted the public and privacy authorities, and cooperated freely and frankly with privacy authorities. Personal information was not released to anyone or used for any improper purpose. No actual harm occured to anyone. It was an error, not an intentional flouting of privacy laws.
So despite the fact that inappropriate collection occurred, its reaction was a model of cooperation consistent with its “Do no evil” mantra.
In my view, attempts by regulators to collect massive fines are misguided. It in essence punishes for making it public and cooperating, not for the improper collection. Facing the spectre of fines would make companies want to keep such incidents to themselves – which is not what regulators want.