Information & Ethics Committee on Nov. 25th, 2010

We have put in place privacy policies that are posted on our websites and that users can access and review. We are currently reviewing these privacy policies to make them more uniform throughout the company, as the company has grown through acquisitions over the course of the past few years. We are satisfied that we are complying with privacy legislation as it exists.

As for the policies and the systems we have in place to ensure privacy—and maybe this is where, if the conversation becomes slightly more technical, I will have to pass the mike over to Martin--my understanding is that our IS/IT department has put in place systems that would be the accepted industry standards relative to protecting privacy. As far as receiving and dealing with privacy complaints is concerned, they all come through my office. To be very candid and very transparent in front of the committee, there are very limited instances where privacy concerns have been raised and have reached my office and we have had to deal with them.

Certainly. I would be happy to.

Let me first clarify a bit about what I was getting at in saying that we didn't want it to be only a privacy tool. As my privacy team works to build privacy tools and to build transparency and control into all of Google's products, one of the things we're very aware of is that there's very often a valid critique that these settings and options for users are buried underneath a privacy link or a privacy option where nobody ever actually goes.

We wanted to be ambitious about addressing that problem by making the dashboard as much as possible a place where people would simply go to see all the information in their account for all kinds of reasons: because they're looking for something or because it's useful to them in other ways. By doing that, it would keep them informed about the information, about the data that was in all the different Google services they might have used over time.

It would keep them informed about which services they might have used at one time, then forgotten about and never gone back to again, but that still have some of their data. They would be informed in this way even if they never had that moment of thinking that they should check on their privacy. We felt that was a way for us to reach, to protect, and to better serve more of our users, even if they weren't necessarily people who were already very conscious of privacy as a question.

That is an excellent question and I hope that I will be able to put the committee at ease by providing it with some assurances.

I can tell you that Canpages, actually Yellow Pages Group Co., is not a highly developed technology company. Neither Canpages nor Yellow Pages Group Co. have the technology inside the company to produce a service like Street Scene or Street View.

When Olivier Vincent came to address the committee in June 2009, he explained, if I am not mistaken, that we were right at the start of services like Street Scene.

Against that background, Canpages still had the foresight to require confidentiality assurances from its supplier. If I am not mistaken, Mr. Vincent told the committee that the company had committed to destroy and discard any image in which things like vehicle licence plates and faces, I believe, had not been blurred.

Since we were invited to be part of the committee's work, and when we became aware of Google's testimony last November, we got in touch with the supplier and asked for clarification on the incidents that happened when Google was taking pictures. We then looked into whether comparable situations had arisen. Our supplier assured us that Wi-Fi zones had not been detected and that no data transmitted from those zones had been intercepted either. Basically, they did not have the technology to identify Wi-Fi zones in the street as the pictures were being taken.

Good afternoon. I do not have information about exactly which technology our supplier uses. What I want to add, as a follow-up to your first question, is that we just use the images; MapJack uses nothing else that could be considered other data. For us, it really is all about the image, a specific interaction at a specific point.

Certainly. The improved training that we are putting in place has a number of aspects.

First, we are going to have broad security and privacy compliance training and code of conduct compliance training across the entire company--both of those things for all of the employees.

Second, there is going to be a more focused and deeper training specific to different kinds of job roles. We are currently in the process of putting together a much more focused and in-depth training for engineers and product managers that will be specific to their jobs. We will also be looking at other functions within the company, such as legal functions and customer service and sales, to offer appropriate and more in-depth training for each of those roles.

I will answer in part, but then I will also invite Mr. Glick to answer specifically to Canada.

Everywhere, in every country where we have any of this data, it has always been Google's desire, since we discovered that we had mistakenly collected this data, to delete it as quickly as possible. In each country, we have been cooperating very closely with the appropriate data protection authorities as they investigate how this data came to be collected, and in each country when we have been able to establish that there is no legal requirement for us to keep the data, we have immediately moved to delete it.

I will ask Mr. Glick to also chime in to answer your question, because he is the specialist for Canada.

Thank you very much.

First, I think I said in my remarks to the committee on November 4 that we had deleted the U.K. data. I actually am not sure that this is the case. I misspoke when I said that, because I thought that the investigation had been concluded. In fact, it concluded subsequent to my appearance.

I'm not certain that the data has been deleted. I just don't know the answer to that. But the analysis that's being undertaken in the U.K. will be similar to what's happening in Canada and elsewhere in the world. We want to confirm all of the obligations we have under relevant law to preserve data so as to ensure that in the process of deleting it we don't inadvertently do something else that's bad.

Again, this is what I mentioned in response to the committee's question and to the point Mr. Siksay raised, which is that we only get one chance to delete the data. The analysis has to be incredibly thorough to ensure that we get it right.

It's being stored in a secure facility in California, the same place it's been stored in since the Privacy Commissioner's investigators reviewed it.

As far as I know, it's in a secure facility there. I don't know that it's on the Google campus. I think it's being held by a third party, but I'm not 100% certain about that. Dr. Whitten may have some additional information.

Wherever it was being stored at the time that the Privacy Commissioner's investigators came to review it is the same place it's being stored today, in a secure manner. It is segregated from the Google corporate network and segregated from any other data, and there is limited access to it. All of the security restrictions in place that were around the data when her investigators came to review it are in place today.

Well, it left Canada when it was collected in the cars. So it's not like it left Canada during the process of this investigation.