More Legal Woes for Google
Recently, Google announced that Google Health will be retired Jan. 1, 2012, with data available through Jan. 1, 2013. In the future, Google may face claims that it may have violated 1996 HIPAA laws regarding protection of personal health records. Once individuals started posting their personal health records on Google Health, were they secure and private?
07/13/11 5:00 AM PT
In 2010, Google admitted that when collecting Street View photos around the world it also collected data from unsecured wireless networks. That led to a bunch of lawsuits.
Recently, U.S. Federal Judge James Ware refused to dismiss a class action lawsuit based on allegations that Google violated the U.S. Federal Wiretap Act by collecting unsecured WiFi data when taking Street View photos.
The WiFi Data Uproar
To the surprise of many, Google confirmed that its Street View Cars had been capturing WiFi network information in addition to Street View Photos dating back to 2006. Google claimed that this WiFi network information was used to improve location-based services like search and maps.
Specifically, Google acknowledged that it collected the following WiFi information:
WiFi networks broadcast information that identifies the network and how that network operates. That includes SSID data (i.e. the network name) and MAC address (a unique number given to a device like a WiFi router). Networks also send information to other computers that are using the network, called payload data, but Google does not collect or store payload data.
Around the world, a number of privacy groups have been unhappy about Google Street View Photos, and now new privacy concerns abound regarding Google's collection of WiFi network data.
On May 14, 2010, the Irish Data Protection Authority asked Google to delete its WiFi network data collected in Ireland. Apparently, despite Google's assertion that the collection was legal, Google must have agreed to abide by the request, because on May 16, 2010, the destruction of this WiFi network data was confirmed by a third party consultant.
However, one might wonder how the consultant could confirm that all the data was actually destroyed without reviewing every Google computer network, and that is probably impossible to do.
Class Action Lawsuits
A number of class action lawsuits were filed against Google in addition to the one in Judge Ware's court in California. However, Judge Ware's ruling appears to be the first to interpret the 1986 Electronic Communications Privacy Act (ECPA). The ECPA was an amendment to the 1968 Federal Wiretap Act, and of course when the ECPA was enacted, the Internet was very different than it is today, in that it was directed at protecting radio communications.
Applying the 25-year-old ECPA to WiFi data shows how complex Internet law is. Even though the WiFi data captured by Google were not radio communications, Judge Ware managed to apply the ECPA, which preempts state wiretap laws and allows the class actions to proceed against Google under the ECPA.
Retiring Google Health
In the future, Google may face claims that it may have violated 1996 HIPAA laws regarding protection of personal health records. Once individuals started posting their personal health records on Google Health, were they secure and private?
Recently, Google announced that Google Health will be retired Jan. 1, 2012, with data available through Jan. 1, 2013. Google Health's goal was "to create a service that would give people access to their personal health and wellness information," but Google made the following announcement:
Google Health is not having the broad impact that we hoped it would. There has been adoption among certain groups of users, like tech-savvy patients and their caregivers, and more recently fitness and wellness enthusiasts. But we haven't found a way to translate that limited usage into widespread adoption in the daily health routines of millions of people.
Google announced the means by which users could retrieve their Health data:
If you're a Google Health user, we've made it easy for you to retrieve your data from Google Health any time before January 1, 2013. Just go to the site to download your information in any of several formats: you can print and save it, or transfer it to other services that support industry-standard data formats. Available formats include:
- Printable PDF including all the records in your Google Health profile
- Industry-standard Continuity of Care Record (CCR) XML that can be imported into other personal health tools such as Microsoft® HealthVault™
- Comma-separated value (CSV) files that can be imported into spreadsheets and database programs for ongoing tracking and graphing
- HTML and XML versions of the original "data notices" sent to your Google Health profile by linked data providers
- A unified ZIP archive that includes all files you've uploaded to your profile, plus all of the formats above
Given the federal government's investment of more than US$19 billion to automate health records, it's interesting to see that Google Health was not a winner in this space. In the future, Google still has risk that Google Health records were mismanaged, so we all need to stay tuned for potential HIPAA claims. But personal health record privacy under HIPAA may still remain an issue for Google's future.
Is the Google Android at Risk?
Google's Android technology may be a patent-infringement risk, since Google was a big loser in the bidding war for 6,000 Nortel patents, which were purchased by a consortium of Microsoft, Apple, RIM, Sony, Ericsson, and EMC.
Google's early bid of $900 million indicated it had great interest in protecting its telecommunications market space. Given the nature of the consortium companies, they may try to limit Google's growth in the smartphone market by filing patent-infringement lawsuits or requesting very high license fees, but only time will tell if the Google Android is really at risk.
Google Antitrust Problems?
Google started hiring outside counsel after the U.S. Federal Trade Commission recently launched an investigation into Google's search business. One of the lawyers Google hired was Jeffrey Blattner.
Blattner was a prosecutor in the Microsoft antitrust case when he was an attorney at the US Department of Justice. These claims by the FTC are very different than those in the Microsoft case. That case settled in 2002, and the DoJ oversight of Microsoft's products finally ended earlier this year.
Google is such a large company with such diversified interests that it has become a target for a variety of issues. These issues will likely continue to grow with the company, as Google expands its depth and reach.