[Editor's note, 5/14/10: This post contains incorrect information about our WiFi data collection (see * below). We have posted a clarification and update about our process on the Official Google Blog.]

Over the weekend, there was a lot of talk about exactly what information Google Street View cars collect as they drive our streets. While we have talked about the collection of WiFi data a number of times before--and there have been stories published in the press--we thought a refresher FAQ pulling everything together in one place would be useful. This blog also addresses concerns raised by data protection authorities in Germany.

What information are your cars collecting?
We collect the following information--photos, local WiFi network data and 3-D building imagery. This information enables us to build new services, and improve existing ones. Many other companies have been collecting data just like this for as long as, if not longer, than Google.
  • Photos: so that we can build Street View, our 360 degree street level maps. Photos like these are also being taken by TeleAtlas and NavTeq for Bing maps. In addition, we use this imagery to improve the quality of our maps, for example by using shop, street and traffic signs to refine our local business listings and travel directions;
  • WiFi network information: which we use to improve location-based services like search and maps. Organizations like the German Fraunhofer Institute and Skyhook already collect this information globally;
  • and 3-D building imagery: we collect 3D geometry data with low power lasers (similar to those used in retail scanners) which help us improve our maps. NavTeq also collects this information in partnership with Bing. As does TeleAtlas.
What do you mean when you talk about WiFi network information?
WiFi networks broadcast information that identifies the network and how that network operates. That includes SSID data (i.e. the network name) and MAC address (a unique number given to a device like a WiFi router).

Networks also send information to other computers that are using the network, called payload data, but Google does not collect or store payload data.*

But doesn’t this information identify people?
MAC addresses are a simple hardware ID assigned by the manufacturer. And SSIDs are often just the name of the router manufacturer or ISP with numbers and letters added, though some people do also personalize them.

However, we do not collect any information about householders, we cannot identify an individual from the location data Google collects via its Street View cars.

Is it, as the German DPA states, illegal to collect WiFi network information?
We do not believe it is illegal--this is all publicly broadcast information which is accessible to anyone with a WiFi-enabled device. Companies like Skyhook have been collecting this data cross Europe for longer than Google, as well as organizations like the German Fraunhofer Institute.

Why did you not tell the DPAs that you were collecting WiFi network information?
Given it was unrelated to Street View, that it is accessible to any WiFi-enabled device and that other companies already collect it, we did not think it was necessary. However, it’s clear with hindsight that greater transparency would have been better.

Why is Google collecting this data?
The data which we collect is used to improve Google’s location based services, as well as services provided by the Google Geo Location API. For example, users of Google Maps for Mobile can turn on “My Location” to identify their approximate location based on cell towers and WiFi access points which are visible to their device. Similarly, users of sites like Twitter can use location based services to add a geo location to give greater context to their messages.

Can this data be used by third parties?
Yes--but the only data which Google discloses to third parties through our Geo Location API is a triangulated geo code, which is an approximate location of the user’s device derived from all location data known about that point. At no point does Google publicly disclose MAC addresses from its database (in contrast with some other providers in Germany and elsewhere).

Do you publish this information?
No.

But wouldn’t GPS enable you to do to all this without collecting the additional data?
Yes--but it can be much slower or not available (e.g. when there is no view of the sky; when blocked by tall buildings). Plus many devices don’t have GPS enabled. GPS is also expensive in terms of battery consumption, so another reason to use WiFi location versus GPS is to conserve energy.

How does this location database work?
Google location based services using WiFi access point data work as follows:
  • The user’s device sends a request to the Google location server with a list of MAC addresses which are currently visible to the device;
  • The location server compares the MAC addresses seen by the user’s device with its list of known MAC addresses, and identifies associated geocoded locations (i.e. latitude / longitude);
  • The location server then uses the geocoded locations associated with visible MAC address to triangulate the approximate location of the user;
  • and this approximate location is geocoded and sent back to the user’s device.
How do your cars collect this WiFi data?
Visibly attached to the top of the car is a commercially available radio antenna. This antennae receives publicly broadcast WiFi radio signals within range of the vehicle. The equipment within the car operates passively, receiving signals broadcast to it but not actively seeking or initiating a communication with the access point.

Why didn’t you let the German DPA see the car?
We offered to let them examine it last year --it is totally untrue to say we would not let them see the car. They are still welcome to do so.

How do you collect 3-D building imagery?
We collect 3D geometry data with low power lasers (similar to those used in retail scanners).

Is this safe?
Yes.

You can also read the WiFi
submission we made today to several national data protection authorities.

Posted by Peter Fleischer, Global Privacy Counsel

** Added additional sentence to first bullet point.