To recap: In 2009, Google came under fire for its Street View product, where the online services giant photographed homes and other buildings in numerous countries as part of its online mapping service, as individuals said the photos invaded their privacy. Then, in 2010, Google announced that, for more than three years — in more than 30 countries — it had been “mistakenly collecting” personal data from open WiFi networks as its vehicles roamed the streets taking photos for its Street View mapping service. Later, the company admitted the data collected — without individuals’ knowledge or consent — included entire e-mails and passwords. And it was revealed that “Google also recorded the street addresses and unique identifiers of computers and other devices using those wireless networks and then made the data available through Google.com.” In October 2010, the Federal Trade Commission announced that (pdf) it had closed an investigation into possible privacy breaches by Google’s Street View after the company pledged to stop gathering consumers’ e-mail, passwords and other personal data. In April, the Federal Communications Commission decided (redacted pdf) that it would not take enforcement action against the company over this data collection and retention, but it would fine Google $25,000 for impeding the agency’s investigation into the private data collected and retained via its Street View product.
The online services giant also faced questions from states over the data collection. Last month, the Washington Post reports that Google has reached a settlement (Connecticut pdf; archive pdf) with 38 states and the District of Columbia over the collection and retention of individuals’ personal data through its Street View product, but the company will only have to pay $7 million total and implement a privacy program.
Now, the New York Times reports that Google will again pay a minimal fine over its Street View private data collection, this time to a privacy regulator in Hamburg, Germany:
BERLIN — A German privacy regulator fined Google €145,000 on Monday for the systematic, illegal collection of personal data while it was creating the Street View mapping service, and called on European lawmakers to significantly raise fines for violations of data protection laws.
Johannes Caspar, the data protection supervisor in Hamburg, said the fine, which was close to the maximum of €150,000, or $195,000, that he could legally impose, was woefully inadequate to stop the collection practices of companies as large as Google.
The fine levied by Mr. Caspar, the largest assessed so far by European regulators over privacy concerns, amounts to roughly 0.002 percent of Google’s $10.7 billion in net profit last year. […]
Peter Fleischer, Google’s global privacy counsel, reiterated the company’s regrets, and said it had taken internal steps to make sure the violations were not repeated. […]
Anna Fielder, a trustee at Privacy International, a group based in London that supports strong data protection laws, said the existing legal regimes in Europe and much of the world were ill equipped to meet the challenges of protecting personal information.
“Germany has the strongest data protection laws in Europe, and this is all they could do,” Ms. Fielder said. “Most businesses are not complying with data protection laws because the costs of noncompliance — I mean these tiny penalties — are so low.”
Google’s disclosure that it had collected the private information set off a series of investigations by regulators around the world, the majority of which were settled by Google with a simple apology or with fines that were considered trivial for the world’s biggest Internet search company.