The UK Information Commissioner's Office (ICO) has reopened its investigation into Google over information collected over Wi-Fi by the company's Street View cars.

Google Street View
Reuters

The ICO has written to senior vice-president Alan Eustace and echoes the view of the US Federal Communications Commission that personal information was deliberately collected.

ICO has asked Google to answer seven specific demands for information:

1. List precisely what type of personal data and sensitive personal data was captured within the payload data collected in the UK.

2. Confirm at what point Google managers became aware of the type of payload data being captured during operations in the UK and what technological or organisational measures were introduced to limit further data collection prior to the admissions made by Google Inc on the blog post dated 14 May, 2010.

3. Provide a substantial explanation as to why this type of data was not included in the pre-prepared data sample presented to and viewed by staff from the Information Commissioners Office.

4. At what point had the senior managers within Google seen the software design documents and been briefed about the code and precisely what type of data it could capture during the development process and actual capture of payload data?

5. Provide copies of the original software design document and any subsequent version control software documentation and associated logs used to record managerial decisions and rationale.

6. Outline in full the privacy concerns identified by Google managers once the [software] engineer [who designed the programme] revealed the practice, including details of how this threat was managed and what decisions were made to continue or terminate this practice.

7. Outline what measures were introduced to prevent breaches of the Data Protection Act 1998 at each stage of the Google Street View process.

Google said it was happy to answer the ICO's questions.

"We have always said that the project leaders did not want and did not use this payload data. Indeed, they never even looked at it," a Google spokesman told the BBC.

ICO first looked into the matter in 2010 when a public blog reported that Google Street View vehicles had been adapted to collect publicly available Wi-Fi signals and had mistakenly collected a limited amount of payload data, likely to include a very limited quantity of emails, URLs and passwords.

Google said at the time its purpose had been to identify Wi-Fi networks and to map their approximate location using GPS co-ordinates of the GSV car when the radio signal was received. The aim was to build and improve the geo-location database for location-based mobile applications.

At the time ICO considered Google's compliance with the provisions of the Data Protection Act and, following consideration of the remedial action taken by Google and the evidence available, decided to not exercise his enforcement powers.

In August 2011, ICO ruled that Google had taken reasonable steps to improve its privacy policies following an audit at the company's London office.

However, the notice of Google's good works came with a warning that ICO would continue to be vigilant.

"The ICO's Google audit is not a rubber stamp for the company's data protection policies. The company needs to ensure its work in this area continues to evolve alongside new products and technologies. Google will not be filed and forgotten by the ICO."

The contract software engineer behind the project - referred to as Engineer Doe in the FCC documents - was named by a former state investigator as Marius Milner, a programmer who specialises in telecommunications and Wi-Fi networking.

London