Google is offering wireless network owners worldwide the possibility of opting out from its Wi-Fi geolocation mapping efforts, in the wake of a decision by the Dutch Data Protection Authority (DPA) that this process is in violation of legislation in the Netherlands.
Google uses its Street View cars to build a global database of wireless access points and their geographic location. The database is used by the company’s services and other Android applications to approximate the location of individuals based on the Wi-Fi networks detected by their handsets at a given time.
The same method is used by other smartphone manufacturers like Apple and Microsoft because it’s quicker than using GPS and consumes less battery power.
However, the Dutch DPA determined that Wi-Fi MAC addresses, coupled with their geographic location, represent personal information and collecting it without consent is a violation of the Dutch Data Protection Act.
As a result, the authority issued four penalty orders at the beginning of this year, threatening Google with a fine of up to €1 million (US$1.4 million) if it doesn’t take steps to remedy the situation. The DPA asked the company to provide an opt-out mechanism for Wi-Fi geolocation mapping and to advertise it via news websites and national newspapers.
Google announced on Monday that Wi-Fi owners can add “_nomap” to the name of their networks in order to have them excluded from the geolocation mapping process. The company chose this approach because it offers the best protection against abuse, Peter Fleischer, Google’s global privacy counsel, said in a blog post.
A Dutch DPA spokeswoman said that it will take a couple of weeks for the agency to determine whether Google’s method is compliant with its requests. If it is, the company will not be subject to any fine.
However, according to Professor Joseph Cannataci, an European data protection expert and coordinator of the E.U.-funded SMART project, which is researching all forms of smart surveillance systems in Europe, this is most likely not the end of official scrutiny of Google’s geolocation data collection practices.
“The Dutch interpretation would be very much a standard interpretation, especially within the European Union, for all those countries who follow the opinion of the Article 29 Working Party,” Cannataci said.
The Art. 29 Data Protection Working Party is the independent E.U. advisory body on data protection and privacy. Back in May, it released an official opinion saying that Wi-Fi MAC addresses coupled with geolocation information can and must be considered personal information.
The Dutch DPA has been contacted by data protection authorities from other European countries regarding this case, a spokeswoman for the agency said, but declined to name which ones.
According to Cannataci, Google’s opt-out method might not be enough to stop future legal actions against Wi-Fi geolocation mapping in the E.U., because European data protection legislation requires companies to obtain consent for the collection of personal data in advance.