Feeds

Google's Street View could be unlawful in Europe

Private, in these parts

Designing a Defense for Mobile Applications

Analysis Like a trigger-happy tourist, Google has shot almost every street in five US cities and added its pics to what might be the world's biggest holiday album. But if Google ever starts shooting the streets of Europe, courts here could fight back.

Google Maps Street View is the latest service from the search giant. Vehicles with multi-lens cameras travelled the streets of San Francisco, New York, Las Vegas, Denver and Miami and snapped everything in their paths. The images were uploaded to Google Maps and now, when you're looking at a location in Google Maps that has been photographed, you can see the pics. If you live in a featured city and you've been passed by a Google van or a car from its partner, Immersive Media, the cameras probably saw you too.

Privacy fears were first raised by New Yorker Mary Kalin-Casey. She told the Boing Boing blog that, when trying out Street View, she recognised her cat, Monty, through the window of her own home. She said that the experience made her shake (though she'd have more cause for alarm if the camera captured her Georgian silverware).

I haven't seen anything that has made me shake, at least not yet, though I'm still looking and hoping. I love Google Maps and Street View just makes it better. But if it comes to Europe, there could be complaints that have grounds for litigation.

Complaints could be triggered by the images that spread across the internet like wildfire – the celebrity entering rehab or the nude at the window. And complaints could be triggered by the images that have a more personal impact on lives – the malingerer in the park or the husband on his paramour's porch. It does not matter that the pictures were taken in a public place.

If you are caught on camera and complain to Google, Google will remove the pics. But that may not be enough for Europe's courts.

Our data protection regime lets us take holiday snaps, even of strangers, provided we're doing so for private purposes. But if we're taking snaps for commercial use, where individuals are identifiable, there is no such exemption. We need to notify the subjects, and that's hard for Google to do. Even a loudspeaker on top of the camera cars ("Hi, it's Google here, say 'cheese' everybody!") might not suffice.

The law sets extra requirements for so-called sensitive personal data: it demands explicit consent, not just notification. That means when taking pictures of someone leaving a church or sexual health clinic – which could reveal a religious belief or an illness – camera cars might need to pull over and start picking up signatures.

The need for individuals to be identifiable is an important one: Monty the cat looked like a blob to me. Cats can't sue, even in Europe, but humans are just as hard to identify in Street View from what I've seen because the resolution is too low.

It's not just those who are identifiable and caught in the act that can give Google a tough time. We Europeans could ask Google to ensure that no picture of us appears in Google Maps in the first place.

The nature of this rule varies across Europe, but in the UK we have a right to prevent the display of an image that would cause substantial distress. All we have to do is send an email to Google asking that it does not display a picture of us: "Dear Google, I think your camera caught me in Hyde Park this lunch time canoodling with my wife's best friend. Please make sure I can't be seen in Google Maps because this may cause me substantial distress. I've attached a pic of what I look like." If Google refuses or ignores you, you can go to the Information Commissioner and ask him to enforce the right. If there's damage and distress, you can sue.

Street View is rather like CCTV and the Information Commissioner has published a CCTV Code of Practice (35-page / 434KB PDF). The guidance is surely impossible for Google to follow: "Signs should be placed so that the public are aware that they are entering a zone which is covered by surveillance equipment … [These signs] should be clearly visible and legible to members of the public". The guidance adds that "individuals sunbathing in their back gardens may have a greater expectation of privacy than individuals mowing the lawn of their front garden". Perhaps the Information Commissioner will take a pragmatic view and say that footage of someone walking down a street is acceptable, but footage of someone entering rehab is not. Maybe a mashup of Google Search and Google Maps could locate abortion clinics etc. and delete the footage.

Then there are our human rights.

On an evening in August 1995, a 42-year-old called Geoffrey Peck attempted suicide by cutting his wrists with a kitchen knife while on Brentwood High Street in Essex, England. CCTV cameras caught the action, the council's CCTV operator alerted the police and the police intervened. Peck lived. But still images from the CCTV footage were sold by the local council to the media. Peck took his complaint as far as the European Court of Human Rights and won.

The court said that the disclosure of the footage was a "disproportionate and unjustified interference" with Peck's private life, in violation of Article 8 of the European Convention on Human Rights. The court considered it significant that "[Peck's] actions were seen to an extent which far exceeded any exposure to a passer-by or to security observation and to a degree surpassing that which [Peck] could possibly have foreseen." Peck won damages of £7,000.

There's a qualification here: the Human Rights Act generally applies only to public authorities – and Google is not a public authority. But it does not escape completely. Courts are public authorities, and if someone sues Google for breaching the Data Protection Act in similar circumstances, courts will seek to protect a person's human rights in deciding the case. So human rights enter the case by a back door.

You can see Brentwood High Street in Google Maps, but not with Street View. Perhaps you never will.

Struan Robertson is Editor of OUT-LAW. These are the personal views of the author and do not necessarily represent the views of Pinsent Masons.

Copyright © 2007, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Application security programs and practises

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.