The agency states in a statement that it has verified the collection of location data of Wi-Fi networks with identification of their owners, and personal data of various nature of the content of communications such as: email addresses -with name and surname-, messages associated with said accounts and messaging services, or user codes and passwords, among others. And that this data has been transferred by Google to the US without guarantees of privacy protection. The AEPD has transferred to the Court of Instruction No. 45 of Madrid the final report of the inspection, and, in accordance with the legislation of Administrative Procedure, suspends the processing of the sanctioning file until the resolution of the judicial body.
The inspections were initiated by the agency in May of this year. The opening of the sanctioning procedure by the Spanish Agency for Data Protection comes after completing the investigations carried out by the inspection of the AEPD that have allowed to verify the existence of indications of the commission of a total of five infractions. Two of them are attributable to Google Inc., as responsible for the design of the data collection program and the service. The other three are imputed to Google Spain, as responsible for the collection of data on Spanish streets and its transfer to the United States.
Among the types of personal data transmitted through Wi-Fi networks, the AEPD "has verified the collection and storage by Google of email addresses with name and surname; addresses and accounts associated with email or instant messaging messages; access to social network accounts and websites, or user codes and password with personal data that identify their owners, and that in some cases allow access to specially protected data, among others. Likewise, it has been verified the collection by Google of location and identification data of wireless networks such as SSIDs, - identifiers or names of the Wi-Fi network - which in some contain the real name of the subscriber of the network, and MAC addresses - which identify the router devices and the devices connected to it - and the geographical position in which they were captured. "
Serious infractions can be penalized with fines ranging from 60,000 to 300,000 euros. The very serious ones can be punished with fines of 300,000 to 600,000 euros.
Google has issued a statement in which it responds to the Spanish Agency for Data Protection in which it regrets "deeply having collected data in Spain. This data has not been used in any way in any Google product and the company never intended to use it in any way. It's important to remember that usually only fragments of data were captured: our cars are in motion and our onboard WiFi equipment automatically switches channels about five times per second. Likewise, the Prosecutor's Office of the Provincial Court of Guipúzcoa has recently filed its investigation in relation to the collection of data from WiFi networks in Spain. In its decision it was mentioned that the capture of information was random and fragmentary and has never been used in any Google product."
Once a judicial resolution is issued, the Spanish Agency for Data Protection will resume the administrative procedure in the investigation phase of the same, in which the company will have a period to formulate allegations or present evidence, before the body resolves the commission of infractions of the LOPD, the typification of the same.
The Street View case in Spain has been investigated by the Prosecutor's Office of Guipúzcoa that filed it considering that with the data collected, very fragmentary, the company had not made any commercial use of them. However, there is still a lawsuit in a court in Madrid where those responsible for Google Spain must appear as defendants to testify in it.
Source: El País
