Despite Google's own admission of Street View-related privacy breaches, the German data protection institution is continuing with its own investigation of the matter, driven by long-standing suspicions.
Google has been criticized by privacy advocates worldwide
Google has acknowledged that a fleet of its Street View cars equipped with wireless equipment have collected some e-mails and computer passwords in various countries.
"It's clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords," wrote Alan Eustace, Google's senior vice president of engineering and research, in a post published late Friday on Google's public policy blog.
This is the first time that Google has revealed the full extent of the privacy breach, which it had previously blamed on a coding error.
The company said it plans delete the data "as soon as possible" and wants to make improvements to its policies.
This follows a previous announcement in May, prompted by investigations by German privacy officials, that the company had mistakenly collected unencrypted WiFi payload data (information sent over networks) using its Street View cars.
The cars are used for Google's mapping service and take panoramic photos of streets in various countries around the world.
Situation merits further examination
Google plans to add Germany's 20 largest cities to Street View by the end of 2010
The latest revelations failed to surprise Johannes Caspar, Hamburg's commissioner for data protection and freedom of information, and the leading authority in the German Google investigation.
"This just confirms what we expected," he told Deutsche Welle. "It could already have been predicted a few months ago."
According to Caspar, Germany will continue with its enquiry as planned, aiming for an independent assessment before "we think about taking further action."
Following the May privacy invasion scandal, hard drives of computers involved are being inspected. Should Google's statement be proven true, Caspar says the company may be fined.
According to Ulrich Boerger, a Hamburg-based privacy lawyer, evidence of password and email leaks would add another dimension to the privacy debate in Germany, but "it's difficult to talk about any concrete consequences at this stage."
Similar reaction in the UK
Google's latest revelations have also not altered the general course of action for UK authorities, despite having cleared Google of the charge of having collected "meaningful personal details" earlier this year.
"We will be making enquires to see whether this information relates to the data inadvertently captured in the UK, before deciding on the necessary course of action, including a consideration of the need to use our enforcement powers," wrote the Information Commissioner's Office, Great Britain's data protection agency, in a statement published on its website.
Google has previously said it did not realize that Kismet, a free software program it uses to detect wireless networks, was also recording snippets of emails and web pages. Kismet only captures that data when network owners forget to switch on encryption.
Author: Eva Wutke
Editor: Cyrus Farivar