If I remember correctly Google said they would keep the data until the Canadian authorities had stated they had finished examining it to determine what laws were breached. Once the evidence had been evaluated and they get authorization, they will delete it. Basically they are saying they won't delete evidence of a possible wrong doing until the appropriate authorities say it is OK. This means that they have to hold on to the data collected in each country until they get permission from that country's authorities. Sounds like and administrative nightmare.
Its also a perfect example of how the laws don't reflect how the technology was designed to work. WAPs are designed to handle two situations:
- I want to share with everybody, a.k.a "Open WAP"; and
- I want to share with only a select few, a.k.a. "Encrypted or closed WAP".
From the technology design point of view if you run across an open WAP then you "know" they want to share. If its closed then you know they don't. I agree that it gets very grey when you knowingly start to collect user ids and passwords. If its an automated download of everything that is available, sort of like a wget, then you can argue the stuff should have been secured.
The laws try to protect the group of people who are too lazy to learn how and why you should secure a WAP as well as your data. The problem is how to differentiate between those open WAPs that people want to share from those where people don't.