The issue is not new. Since 2010 it has opened a procedure to Google that now concludes. The Spanish Agency for Data Protection (AEPD) has sanctioned 300,000 euros to the internet giant to consider that the Internet giant “collected and stored personal data” transmitted through open WiFi networks without those affected were aware. The information was used for Street View, the service that allows to explore on the computer places around the world through images at street level.
In this way, the agency has issued a resolution that ends the procedure open to the company Google in relation to the collection and processing of personal data WiFi networks carried out by vehicles used in the Street View project until then, given that the company corrected the “error” in its moment. It should be recalled that the investigation began in May 2010. However, the existence of a criminal court procedure opened in the Court of Instruction number 45 of Madrid forced the Spanish regulator to suspend the processing of its sanctioning procedure under Article 7 of the Royal Decree 1398/1993, which approves the Regulation of the Procedure for the Exercise of Sanctioning Power. In 2013, however, the AEPD concluded the investigation by ensuring that the service “did not violate Spanish regulations” on data protection.
Once it became known the finality of the order by which the provisional dismissal and record of the preliminary proceedings was agreed, the agency has resumed the administrative procedure, resolving it after the corresponding deadline for submitting the allegations. According to the Organic Law on Data Protection (Article 6.1), the processing of personal data requires the “unequivocal consent of the affected party, except for certain exceptions not applicable in this particular case”.
“We have collaborated completely over the last seven years and, of course, we will pay the penalty imposed” (Google sources)
Sources of the North American company have explained to ABC that this is an issue already solved and “does not affect the current Street View service”. “At Google we work conscientiously to comply with privacy-related policies. In this case, and going back to 2010, we already said publicly that we were wrong and, immediately, we informed the Spanish Data Protection Agency of the error and we solved the problem that affected our systems. We have collaborated completely throughout the last seven years and, of course, we will pay the sanction imposed, “the same sources maintain.
In the framework of the research carried out, the AEPD has verified that Google collected information of different types “without those affected having knowledge that said data collection” was taking place and “without their consent”. The company collected, among other things, information regarding email addresses of individuals, user codes and password that allow access to email accounts, IP addresses, MAC addresses of routers and devices connected to them or names of wireless networks (SSID) configured with the name and surnames of the person in charge. It has not been verified that Google treated specially protected data through these systems, sources from the agency added in a statement.
As for the data being collected from open WiFi networks, the resolution specifies that “the fact that holders of WiFi networks do not ensure the encryption of these networks, to the detriment of the security of their data, does not authorize in any way the collection of the information carried out or any subsequent use of it ». Collecting and storing personal data without the consent of their holders is considered serious infringement and punished with fines of 60,101 to 300,506 euros, while capturing specially protected data without authorization or transferring that same data to the US. without guarantees it is considered a very serious infraction and is fined between 300,506 and 601,012 euros.