Feeds

Google's Street View could be unlawful in Europe

Private, in these parts

SANS - Survey on application security programs

Analysis Like a trigger-happy tourist, Google has shot almost every street in five US cities and added its pics to what might be the world's biggest holiday album. But if Google ever starts shooting the streets of Europe, courts here could fight back.

Google Maps Street View is the latest service from the search giant. Vehicles with multi-lens cameras travelled the streets of San Francisco, New York, Las Vegas, Denver and Miami and snapped everything in their paths. The images were uploaded to Google Maps and now, when you're looking at a location in Google Maps that has been photographed, you can see the pics. If you live in a featured city and you've been passed by a Google van or a car from its partner, Immersive Media, the cameras probably saw you too.

Privacy fears were first raised by New Yorker Mary Kalin-Casey. She told the Boing Boing blog that, when trying out Street View, she recognised her cat, Monty, through the window of her own home. She said that the experience made her shake (though she'd have more cause for alarm if the camera captured her Georgian silverware).

I haven't seen anything that has made me shake, at least not yet, though I'm still looking and hoping. I love Google Maps and Street View just makes it better. But if it comes to Europe, there could be complaints that have grounds for litigation.

Complaints could be triggered by the images that spread across the internet like wildfire – the celebrity entering rehab or the nude at the window. And complaints could be triggered by the images that have a more personal impact on lives – the malingerer in the park or the husband on his paramour's porch. It does not matter that the pictures were taken in a public place.

If you are caught on camera and complain to Google, Google will remove the pics. But that may not be enough for Europe's courts.

Our data protection regime lets us take holiday snaps, even of strangers, provided we're doing so for private purposes. But if we're taking snaps for commercial use, where individuals are identifiable, there is no such exemption. We need to notify the subjects, and that's hard for Google to do. Even a loudspeaker on top of the camera cars ("Hi, it's Google here, say 'cheese' everybody!") might not suffice.

The law sets extra requirements for so-called sensitive personal data: it demands explicit consent, not just notification. That means when taking pictures of someone leaving a church or sexual health clinic – which could reveal a religious belief or an illness – camera cars might need to pull over and start picking up signatures.

The need for individuals to be identifiable is an important one: Monty the cat looked like a blob to me. Cats can't sue, even in Europe, but humans are just as hard to identify in Street View from what I've seen because the resolution is too low.

It's not just those who are identifiable and caught in the act that can give Google a tough time. We Europeans could ask Google to ensure that no picture of us appears in Google Maps in the first place.

The nature of this rule varies across Europe, but in the UK we have a right to prevent the display of an image that would cause substantial distress. All we have to do is send an email to Google asking that it does not display a picture of us: "Dear Google, I think your camera caught me in Hyde Park this lunch time canoodling with my wife's best friend. Please make sure I can't be seen in Google Maps because this may cause me substantial distress. I've attached a pic of what I look like." If Google refuses or ignores you, you can go to the Information Commissioner and ask him to enforce the right. If there's damage and distress, you can sue.

Street View is rather like CCTV and the Information Commissioner has published a CCTV Code of Practice (35-page / 434KB PDF). The guidance is surely impossible for Google to follow: "Signs should be placed so that the public are aware that they are entering a zone which is covered by surveillance equipment … [These signs] should be clearly visible and legible to members of the public". The guidance adds that "individuals sunbathing in their back gardens may have a greater expectation of privacy than individuals mowing the lawn of their front garden". Perhaps the Information Commissioner will take a pragmatic view and say that footage of someone walking down a street is acceptable, but footage of someone entering rehab is not. Maybe a mashup of Google Search and Google Maps could locate abortion clinics etc. and delete the footage.

Then there are our human rights.

On an evening in August 1995, a 42-year-old called Geoffrey Peck attempted suicide by cutting his wrists with a kitchen knife while on Brentwood High Street in Essex, England. CCTV cameras caught the action, the council's CCTV operator alerted the police and the police intervened. Peck lived. But still images from the CCTV footage were sold by the local council to the media. Peck took his complaint as far as the European Court of Human Rights and won.

The court said that the disclosure of the footage was a "disproportionate and unjustified interference" with Peck's private life, in violation of Article 8 of the European Convention on Human Rights. The court considered it significant that "[Peck's] actions were seen to an extent which far exceeded any exposure to a passer-by or to security observation and to a degree surpassing that which [Peck] could possibly have foreseen." Peck won damages of £7,000.

There's a qualification here: the Human Rights Act generally applies only to public authorities – and Google is not a public authority. But it does not escape completely. Courts are public authorities, and if someone sues Google for breaching the Data Protection Act in similar circumstances, courts will seek to protect a person's human rights in deciding the case. So human rights enter the case by a back door.

You can see Brentwood High Street in Google Maps, but not with Street View. Perhaps you never will.

Struan Robertson is Editor of OUT-LAW. These are the personal views of the author and do not necessarily represent the views of Pinsent Masons.

Copyright © 2007, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

High performance access to file storage

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.