Last Friday, Google announced that its Street View cars had accidentally collected private data from unencrypted Wi-Fi networks while making their rounds, and the international response began in full force.
The same day, the Irish Data Protection Authority asked Google to delete all of that payload that was collected in Ireland. Yesterday, Google wrote, “We can confirm that all data identified as being from Ireland was deleted over the weekend in the presence of an independent third party. We are reaching out to Data Protection Authorities in the other relevant countries about how to dispose of the remaining data as quickly as possible.”
Independent security firm iSEC Partners Inc also confirmed the deletion. Partner Alex Stamos said that Google had consolidated the Wi-Fi packet captures onto four hard drives, organized into folders corresponding to the nation of origin, and the data relevant to Ireland was then destroyed.
“I created two new encrypted volumes on separate hard drives, and copied over all of the data with the exception of the data that was identified as being captured within the Republic of Ireland,” Stamos wrote on Sunday, “I then witnessed the physical destruction of the original four hard drives.”
Today, however, German data security representative Johannes Caspar said this would not be enough, and that Google has until May 26 to turn over the hard drive with German data on it, so the extent of the infraction can be inspected.
Caspar told The Thuringer today that Google has to do anything it can to repair its tarnished reputation.
“Before it can, we must be granted access to all of the collected data,” Caspar said. “Only then can it be clearly documented what kind of data was saved. Despite repeated demands, we’ve had no opportunity yet, to sift through a hard disk with all of the data.”
Caspar has more meetings with Google this week in Hamburg.