EU Regulators Fine Google $189K for StreetView Data Privacy Violations

By Todd R. Weiss  |  Posted 2013-04-22

EU Regulators Fine Google $189K for StreetView Data Privacy Violations

Google is being hit with an $189,167 fine in Germany for collecting user data without fully disclosing the practice as Google StreetView vehicles combed German streets collecting information for its maps back from 2007 to 2010.

The fine was handed down by Johannes Caspar, the data-protection supervisor in Hamburg, according to an April 23 report by The New York Times. The fine was just under the $195,000 maximum fine that Caspar was able to legally consider, which Caspar said is not high enough nowadays to stop such practices, the report continued. The fine amounts to only about 0.002 percent of the $10.7 billion net profit reported by Google in 2012.

"As long as violations of data-protection law are penalized with such insignificant sums, the ability of existing laws to protect personal privacy in the digital world, with its high potential for abuse, is barely possible," Caspar told the Times. The amounts of such fines need to be dramatically increased and made more painful for companies so that they better protect user privacy, he said.

The StreetView program came under scrutiny both in the United States and in Europe after it was learned that Google was gathering the information street-by-street between 2007 and 2010, according to an earlier eWEEK report.

Google didn't just collect photos of houses and businesses. It also intercepted data from WiFi modem transmissions that included personal data such as passwords, emails, text messages, users' Internet usage histories, as well as other WiFi information. According to a 2012 report from the U.S. Federal Communications Commission, the StreetView vehicles had collected more than 200GB of such payload data.

Google officials maintained that the data on the WiFi networks was being used to help Google create better location-based services, after initially denying that payload data had been collected. They later admitted that the StreetView cars had collected such personal information and laid the blame at the feet of a rogue engineer whom they said put that capability into the software on his own accord.

Caspar's agency was the first to uncover Google's collection of such data from WiFi routers in Germany back in 2010, the Times reported. Soon after, Google said it had collected similar information through StreetView in other nations around the world.


EU Regulators Fine Google $189K for StreetView Data Privacy Violations

A similar case in the United States was resolved in March when a $7 million settlement was reached between Google and the U.S. government to end a probe into the StreetView imaging program, which for three years collected personal information on users wirelessly as the StreetView vehicles drove around taking photographs, according to an earlier eWEEK report.

The $7 million fine against Google was designed to resolve investigations that were under way by some 30 state attorneys general over the controversial StreetView program.

Google's progress on developing clearer, better-known policies regarding how it will use any of the personal data belonging to its users has become a sore point with many governments around the world, which say that the search giant is not moving quickly enough to address such privacy concerns.

Earlier in April, in a related move, six European nations, including Germany, announced that the slow pace of Google's progress on privacy issues is causing them to plan their own steps to ensure improved data privacy for their citizens. That could mean hefty fines and deeper investigations into Google's actions on user privacy. The move is being eyed by a European task force being led by France's National Commission for Computing and Civil Liberties (CNIL), which has been waiting since last October for a response from Google on how the search giant would make privacy improvements to protect users of its online services.

In January 2012, Google announced major changes to its data privacy policies, which folded 60 of its 70 previously separate product privacy policies under one blanket policy and broke down the identity barriers between some of its services to accommodate its then-new Google+ social network, according to an earlier eWEEK report. Google's streamlining came as regulators continued to criticize Google, Facebook and other Web service providers for offering long-winded and legally gnarled privacy protocols. The Google privacy policy changes went into effect March 1, 2012.

However, these moves haven't satisfied European authorities. Google, according to a CNIL statement, still "has not implemented any significant compliance." Involved in the case are consumer protection authorities from France, Germany, Italy, the Netherlands, Spain and the United Kingdom. And it appears the authorities in Europe have run out of patience.

"It is now up to each national data protection authority to carry out further investigations according to the provisions of its national law transposing European legislation," said the statement.

Google could potentially be fined about $1 billion for shortcomings in its data privacy policies in Europe, according to an earlier eWEEK story.


Rocket Fuel