Google initially began recording the MAC addresses, SSIDs and GPS coordinates of Wi-Fi access points to improve its Google Latitude location-sharing service. The data enabled it to precisely locate users connecting to Latitude or Google Maps using Wi-Fi-capable mobile devices without GPS, a rare feature in smartphones at the time.
The CNIL acknowledged that Google had complied with its order of May 26, 2010, to stop collecting Wi-Fi data with its Street View cars, but criticized the company for continuing to use the data already collected without the permission of the owners of the Wi-Fi access points concerned.
It also slammed the company for continuing to collect the same data through other means: Smartphones today often have GPS and Wi-Fi, allowing Google to precisely locate Wi-Fi access points from its users' phones, rather than the other way around.
"The unfair character of the data collection continues, at least in part, and constitutes a persistent failure to comply with the terms of May 26, 2010 order," the CNIL's ruling said.
Now that the CNIL has completed its investigation, Google can at last delete the data it captured.
"Deleting the data has always been our priority, and we're happy the CNIL has given permission for us to do so," said Google Global Privacy Counsel Peter Fleischer via e-mail.
"We are profoundly sorry for having mistakenly collected payload data from unencrypted Wi-Fi networks. As soon as we realized what had happened, we stopped collecting all Wi-Fi data from our Street View cars and immediately informed the authorities," he said.
Sign up for CIO Asia eNewsletters.