Germany Fines Google Over Street View Data Collection
A German regulator on Monday fined Google $190,000 for recording data from WiFi networks while taking mapping photos for its Street View service.
From 2008 till 2010, Google not only took photographs of streets and houses for its service Google Street View, but also at the same time captured wireless networks within range of the vehicles used for that purpose. As was admitte d by Google in response to an inquiry from the Hamburg Commissioner for Data Protection and Freedom of Information, content data of unencrypted Wifi connections had also been recorded in the course of this activity.
Among the information captured in passing were also large quantities of personal data, such as e-mails,passwords, photos and chat protocols, the Commissioner said.
After the facts of the case had been revealed in the year 2010, Hamburg's Department of Public Prosecutions initiated preliminary investigations, which were discontinued in November 2012. The Hamburg Commissioner for Data Protection and Freedom of Information thereupon took up the matter once again in the context of regulatory offence proceedings.
Google was also instructed to delete completely the illegally captured data.
"In my estimation this is one of the most serious cases of violation of data protection regulations that have come to light so far. Google did cooperate in the clarification thereof and publicly admitted having behaved incorrectly. It had never been the intention to store personal data, Google said. But the fact that this nevertheless happened over such a long period of time and to the wide extent established by us allows only one conclusion: that the company internal control mechanism s failed seriously," said Johannes Caspar, the Hamburg Commissioner for Data Protection and Freedom of Information.
The regulator complained the amount, limited by law, was too little to dissuade large companies from violating privacy laws. Under European regulations, the maximum fine for an accidental violation is 150,000 euros.
"As long as violations of data protection laws are punishable by discount rates, the enforcement of data protection laws in a digital world with its high potential for abuse will be all but impossible. The regulation currently being discussed in the context of the future European General Data Protection Regulation, whereby a maximum fine of 2% of a company's annual turnover is provided for, would, on the other hand, enable violations of data protection laws to be punished in a manner that would be felt economically," Caspar added.
Last month, Google agreed to pay a $7-million fine to settle an investigation by 38 states and the District of Columbia regarding improper collection of personal data from unsecured wireless networks as part of its Street View mapping.
Among the information captured in passing were also large quantities of personal data, such as e-mails,passwords, photos and chat protocols, the Commissioner said.
After the facts of the case had been revealed in the year 2010, Hamburg's Department of Public Prosecutions initiated preliminary investigations, which were discontinued in November 2012. The Hamburg Commissioner for Data Protection and Freedom of Information thereupon took up the matter once again in the context of regulatory offence proceedings.
Google was also instructed to delete completely the illegally captured data.
"In my estimation this is one of the most serious cases of violation of data protection regulations that have come to light so far. Google did cooperate in the clarification thereof and publicly admitted having behaved incorrectly. It had never been the intention to store personal data, Google said. But the fact that this nevertheless happened over such a long period of time and to the wide extent established by us allows only one conclusion: that the company internal control mechanism s failed seriously," said Johannes Caspar, the Hamburg Commissioner for Data Protection and Freedom of Information.
The regulator complained the amount, limited by law, was too little to dissuade large companies from violating privacy laws. Under European regulations, the maximum fine for an accidental violation is 150,000 euros.
"As long as violations of data protection laws are punishable by discount rates, the enforcement of data protection laws in a digital world with its high potential for abuse will be all but impossible. The regulation currently being discussed in the context of the future European General Data Protection Regulation, whereby a maximum fine of 2% of a company's annual turnover is provided for, would, on the other hand, enable violations of data protection laws to be punished in a manner that would be felt economically," Caspar added.
Last month, Google agreed to pay a $7-million fine to settle an investigation by 38 states and the District of Columbia regarding improper collection of personal data from unsecured wireless networks as part of its Street View mapping.