Google has been hit with a €145,000 ($189,000) fine in Germany over the “negligent” collection of people’s personal data by Google’s Street View cars. The fine was levied by Hamburg’s data protection chief, Johannes Caspar, who made it very clear that he wished he could fine the company more.
This all follows on from the great Street View data collection scandal of 2010, where it emerged that Google’s vehicles weren’t just photographing roads and buildings, but also scraping fragments of emails, photos and passwords from open wireless networks that they passed. Google logs Wi-Fi access points in order to help its geolocation services locate the user more quickly, but the collection of data being transmitted over those access points was, Google has always argued, a terrible accident – the company blamed this on rogue code in its software.
Germany, the birthplace of data protection law, was always going to come down harshly on Google over what happened almost three years ago, and indeed Caspar levied almost the maximum €150,000 fine at his disposal for a merely negligent data protection breach. If he had not been convinced by Google that the breach was accidental, he would have faced a €300,000 cap – still hardly enough to make a difference to a company the size of Google.
Here’s what Caspar said in a statement:
“In my estimation this is one of the most serious cases of violation of data protection regulations that have come to light so far. Google did cooperate in the clarification thereof and publicly admitted having behaved incorrectly. It had never been the intention to store personal data, Google said. But the fact that this nevertheless happened over such a long period of time and to the wide extent established by us allows only one conclusion: that the company internal control mechanisms failed seriously…
“As long as violations of data protection laws are punishable by discount rates, the enforcement of data protection laws in a digital world with its high potential for abuse will be all but impossible.”
Under the proposed new EU-wide data protection regulation, companies could be fined up to 2 percent of their annual turnover for such breaches, a level that Caspar said would “enable violations of data protection laws to be punished in a manner that would be felt economically.”
Incidentally, Germans need not worry about Street View cars scraping their data anymore, not just because Google says it has cleaned up its act, but also because the company stopped taking new Street View pictures in the country a couple of years back. This was after Google allowed Germans to apply to have their properties manually blurred out – so many people took the company up on this that it required the hiring of scores of temporary workers to carry out the blurring, and eventually Google just gave up.
Regarding Monday’s fine, Google released the following statement:
“We work hard to get privacy right at Google. But in this case we didn’t, which is why we quickly tightened up our systems to address the issue. The project leaders never wanted this data, and didn’t use it or even look at it. We cooperated fully with the Hamburg [data protection authority] throughout its investigation.”