To recap: In 2009, Google came under fire for its Street View product, where the online services giant photographed homes and other buildings in numerous countries as part of its online mapping service, as individuals said the photos invaded their privacy. Then, in 2010, Google announced that, for more than three years — in more than 30 countries — it had been “mistakenly collecting” personal data from open WiFi networks as its vehicles roamed the streets taking photos for its Street View mapping service. Later, the company admitted the data collected — without individuals’ knowledge or consent — included entire e-mails and passwords. And it was revealed that “Google also recorded the street addresses and unique identifiers of computers and other devices using those wireless networks and then made the data available through Google.com.” In October 2010, the Federal Trade Commission announced that (pdf) it had closed an investigation into possible privacy breaches by Google’s Street View after the company pledged to stop gathering consumers’ e-mail, passwords and other personal data. In April, the Federal Communications Commission decided (redacted pdf) that it would not take enforcement action against the company over this data collection and retention, but it would fine Google $25,000 for impeding the agency’s investigation into the private data collected and retained via its Street View product.
The online services giant also faced questions from states over the data collection. Now, the Washington Post reports that Google has reached a settlement (Connecticut pdf; archive pdf) with 38 states and the District of Columbia over the collection and retention of individuals’ personal data through its Street View product, but the company will only have to pay $7 million total and implement a privacy program. The Post reports:
Google will institute enhanced employee privacy training and create a public campaign about the importance of securing wireless networks as part of a $7 million settlement with state officials who were investigating the company’s controversial Street View program, the officials announced Tuesday.
The settlement, elements of which were reported last week, closes the last of several U.S. investigations into allegations that Street View acted illegally by intercepting data transmitted over WiFi signals, collecting personally identifiable information such as e-mails and Web site visitations along the way. […]
Privacy advocates have called Street View’s intrusions severe and pressed for aggressive sanctions. The Federal Trade Commission, however, closed its case without a fine. The Federal Communications Commission issued a $25,000 fine, mainly for Google allegedly hindering the investigation.
Attorneys general from 38 states and the District of Columbia pressed ahead, eventually winning the $7 million settlement and several other concessions. Google does not acknowledge any violations of law in the settlement. […]
Other privacy advocates were not as impressed. American Consumer Institute President Steve Pociask issued a statement saying, “Google gets off easy once again with a paltry $7 million fine to over 30 states for collecting personal consumer information from unsecured WiFi networks. With revenue of $100 million a day, the fine is just a drop in the bucket and not enough to deter bad behavior.”
Check out Paragraph 16 and its subsections in the settlement (pdf) to see the details of the privacy program that Google has agreed to implement.