Google has been accidentally gathering extracts of personal web activity from domestic wifi networks through the Street View cars it has used since 2007, it said last night.
It was discovered as a result of a data audit demanded by Germany's data protection authority, and is likely to inflame critics of Google concerned about the web giant's use of private data.
As well as systematically photographing streets and gathering 3D images of cities and towns around the world, Google's Street View cars are fitted with antennas that scan local wifi networks and use the data for its location services.
In a post on its European Public Policy blog on 27 April, Google stated that although it does gather wifi network names (SSIDs) and identifiers (Mac addresses) for devices like network routers, it does not gather "payload" data passed through those wifi networks.
But yesterday Google blogged that the audit had prompted it to "re-examine everything we have been collecting" and admitted its mistake.
"It is now clear that we have been mistakenly collecting samples of payload data from open wifi networks, even though we never used that data in any Google products."
Google said it amounted to 600GB, equivalent to a consumer hard drive, but that this data consisted only of fragments of activity from open wifi networks. Password-protected web services, such as banking or secure HTTP addresses, would not have been included, and neither would data from password-protected wireless networks.
Google blamed the mistake on a piece of legacy code from an experimental project that had been re-used to programme equipment on the Street View cars, and said it will ask a third party to oversee deletion of the data and its procedures.
"As soon as we became aware of this problem, we grounded our Street View cars and segregated the data on our network, which we then disconnected to make it inaccessible. We want to delete this data as soon as possible, and are currently reaching out to regulators in the relevant countries about how to quickly dispose of it."
Google said the discovery highlighted the vulnerability of data in open wifi networks. It has previously said other companies, including Skyhook and Microsoft, already scan wifi networks and gather information in this way.
Google Street View has been introduced in more than 20 countries, and has also been extended outside the initial 21 major UK cities.
But it has faced regular concerns about privacy, which started in Britain on the day of the launch after users found images of a man throwing up in the street and another leaving a sex shop. In April last year, residents in Broughton barricaded roads to stop the Street View car entering the village, saying it would encourage crime and was an invasion of privacy.
Google is struggling with stricter privacy laws in Germany, where it has yet to launch the service, and Switzerland where it was introduced in August. Despite a flood of demands from the European Union, including wiping its Street View images after six months instead of 12, Google has said it remains committed to Street View in Europe. It said reports that it would stop mapping streets in any more EU countries are inaccurate.