Google has publicly acknowledged that the WiFi data collected by its world-roving Street View cars contained entire emails, URLs, and passwords.
On Friday afternoon, with a blog post
, senior vice president of engineering Alan Eustace also said – yet again – that most of the data is "fragmentary," and that the company intends to delete the data "as soon as possible."
"I would like to apologize again for the fact that we collected it in the first place," Eustace wrote. "We are mortified by what happened." The company has always said that the data collection was a "mistake," saying that code developed by a single engineer was added to its cars although project leaders had no intention of doing so. Independent investigations have said that the data contained emails and passwords as well as home addresses and phone numbers.
In May, it was Eustace who revealed – with another blog post – that Google Street View cars had been collecting data sent over unsecured WiFi networks
, contradicting previous claims from the company.
With earlier public statements, Google had said its cars were collecting only the SSIDs that identify WiFi networks and the MAC addresses that identify particular network hardware, including routers. Google uses such data in products that rely on location data, such as Google Maps.
Privacy authorities across the globe launched investigations of Google's WiFi data collection, and some concluded that the company had violated local laws
, including, most recently, Canada privacy commissioner Jennifer Stoddart. Spain has filed a lawsuit against the web giant. Seven investigations have been completed so far, and others are still pending.
When Eustace first revealed the WiFi payload collection, he said the company would review its "procedures to ensure that our controls are sufficiently robust to address these kinds of problems in the future." And regulators demanded such reviews as well. So, with Friday's blog post, Eustace also laid out the company's new internal policies.