Out-Law News | 22 Apr 2009 | 12:14 pm | 5 min. read
The controversial photo-mapping of 25 UK towns and cities has prompted protests from privacy campaigners, notably Privacy International's Simon Davies. In a letter defending its backing for the service, the ICO said that the face blurring technology largely worked, and that Google had stuck to its word in removing any images on request.
The service launched on 19th March in the UK and by 30th March the ICO was able to tell Davies that it had received no complaints about any Google failure to keep its word on image removal.
"We emphasised to Google the importance of including the facility for individuals to report problem images, that such a facility should be accessible to all users and that Google act promptly on those reports," said an ICO letter to Davies. "We have not been contacted by any individuals concerned that a reported image has not been amended or removed."
An ICO spokesman has told OUT-LAW.COM that it has received "74 written complaints/enquiries since the launch of Google Street View", but the ICO was not able to break down those concerns before publication.
The ICO gave Street View the all clear last summer, based on descriptions given by Google of how software would automatically identify and blur faces and car number plates. It recently wrote to Davies of Privacy International to respond to his claims to the regulator that Street View was illegal. It stood by its initial assessment that the service was not a breach of the Data Protection Act.
ICO said that it agreed with Davies that the technology would make some mistakes and some faces would not be blurred, and that even people with blurred faces would be identifiable. This did not, though, make the service illegal, it said.
"Blurring someone’s face is not guaranteed to take that image outside the definition of personal data," said the letter, written by ICO senior data protection practice manager Dave Evans. "Even with a face completely removed, it will still be entirely likely that a person would recognise themselves or someone close to them. However, what the blurring does is greatly reduce the likelihood that lots of people would be able to identify individuals whose image has been captured."
The ICO said that the context in which it made its assessment of Street View was that it was just a collection of photos of public street scenes. The photos were of the streets, not the people, and the people simply happened to be on those streets.
"The important data protection point is that an individual’s presence in a particular image is entirely incidental to the purpose for capturing the image as a whole. In other words, there is a great deal of difference between publishing images which might enable people to identify themselves and others they know well, and the publication of images which are intended to identify that a particular person was doing a particular thing at a particular time," it said.
The ICO said in the letter that it would be "disproportionate" to force the withdrawal of the service because of relatively small privacy risk, particularly since it said it was unclear from Davies's letter how Street View actually broke the law. The letter points out that the Court of Appeal distinguished between privacy-invading photos that sought to include an individual and those that happened to include someone.
The case referred to was about photographs of Harry Potter author JK Rowling's then-infant son.
"If the photographs had been taken…to show the scene in a street by a passer-by and later published as street scenes, that would be one thing, but they were not taken as street scenes but were taken deliberately, in secret and with a view to their subsequent publication," wrote Sir Anthony Clarke in that ruling. "They were taken for the purpose of publication for profit, no doubt in the knowledge that the parents would have objected to them."
"It is not clear to me from your complaint which provisions of the law you feel have been breached though you do imply that it is unlawful to obtain images of people and use them without consent. In data protection terms this is simply not true," wrote Evans from the ICO. "Consent is just one of the grounds for processing personal data and the regulatory focus must be on whether the processing is fair to individuals who might be identified and what safeguards are in place to deal with those relatively rare situations where it is not."
Technology lawyer Struan Robertson of Pinsent Masons, the law firm behind OUT-LAW.COM, has previously identified that Google may have breached the Data Protection Act while collecting images for Street View because people were not informed that photos were being taken. But he has said that this is not an important breach because Google would have to have broadcast the collection over loudspeakers from cars, which would not be practical.
The ICO agreed in the analysis it sent to Davies.
"It would clearly be impracticable to provide what the Act terms fair processing information to any individual who happened to be in a public place at the same time as the Google cameras," it said. "We would not expect any organisation collecting images in this way to go to such lengths unless the images were being collected for purposes which required the identification of individuals and which resulted in some decision being taken about them."
Evans's letter contained a stout defence of the broadly-welcomed pragmatic approach taken by the ICO in this regard. It outlined why a massive commercial service should not be halted because of some relatively minor privacy concerns of relatively few people.
"Our data protection strategy commits us to basing our interventions on what actually matters to those we are seeking to protect and how likely it is to occur," said Evans, responding to Davies's charge that neither Google nor the ICO consulted the community on the impact of Street View. "We do take the 'community expectations' into account but it is clear to us that the 'community' expect that good regulation is, to a large extent, pragmatic regulation. In our opinion, there is no clear evidence that the community find Streetview particularly harmful or insidious."
UPDATE, 23/04/2009: The ICO issued a statement about Street View today. In it, David Evans states that "putting images of people on Google Street View is very unlikely to formally breach the Data Protection Act."
"It is important to highlight that putting images of people on Google Street View is very unlikely to formally breach the Data Protection Act," said Evans. "Watch the TV news any day this week and you will see people walking past reporters in the street. Some football fans’ faces will be captured on Match of the Day and local news programmes this weekend – without their consent, but perfectly legally."
"In the same way there is no law against anyone taking pictures of people in the street as long as the person using the camera is not harassing people. Google Street View does not contravene the Data Protection Act and, in any case, it is not in the public interest to turn the digital clock back. In a world where many people tweet, facebook and blog it is important to take a common sense approach towards Street View and the relatively limited privacy intrusion it may cause."
The statement added:
"The ICO has received a number of complaints and enquiries about Google Street View. These include those from people who are unhappy that their image is on Street View, those who are unhappy at the prospect of their/anyone else’s image potentially appearing, as well as those who are positive about the idea."
The regulator said that it would keep the operation of Street View under review and take steps to address issues raised by individuals who feel that Google has not removed problematic images.