Google has accepted a fine from the German data protection authority over its mistaken and unused collection of WiFi data using Google Street View cars.
The €145,000 fine comes nearly three years after we first learned about the Street View WiFi data collection in May 2010.
In a statement, the Hamburg Commissioner for Data Protection and Freedom of Information accepted that Google had made a mistake but said that the firm could not be allowed to get away with it.
“In my estimation this is one of the most serious cases of violation of data protection regulations that have come to light so far. Google did cooperate in the clarification thereof and publicly admitted having behaved incorrectly,” said Hamburg commissioner for data protection and freedom of information Johannes Caspar.
“It had never been the intention to store personal data, Google said. But the fact that this nevertheless happened over such a long period of time and to the wide extent established by us allows only one conclusion: that the company internal control mechanisms failed seriously.”
Google repeated its earlier statements that the data was collected in error and never used.
“We work hard to get privacy right at Google. But in this case we didn’t, which is why we quickly tightened up our systems to address the issue,” said a Google spokesperson. “The project leaders never wanted this data, and didn’t use it or even look at it. We cooperated fully with the Hamburg DPA throughout its investigation.”
Caspar suggested that were it not for the confines of the regulatory system Google could have been fined more.
“As long as violations of data protection laws are punishable by discount rates, the enforcement of data protection laws in a digital world with its high potential for abuse will be all but impossible,” he said. “The regulation currently being discussed in the context of the future European General Data Protection Regulation, whereby a maximum fine of [two] percent of a company’s annual turnover is provided for, would, on the other hand, enable violations of data protection laws to be punished in a manner that would be felt economically”.
The WiFi “snooping” was committed between 2008 and 2010. Google has deleted the data collected.
This article was originally published on the Inquirer.