WASHINGTON -- A German regulator on Monday fined Google Inc., about $190,000 for illegally recording data from WiFi networks while taking mapping photos for its Street View service. The regulator complained the amount, limited by law, was too little to dissuade large companies from violating privacy laws.
The Hamburg commissioner for data protection and freedom of information, Johannes Caspar, said Google captured data from unencrypted WiFi networks from 2008 until 2010.
The company has been under fire for the data collection, which it said was unintentional, and has faced fines and investigations in the U.S. and abroad.
After a two-year investigation, the Hamburg regulator determined Google had “negligently and without authorization” captured and stored personal information.
“In my estimation this is one of the most serious cases of violation of data protection regulations that have come to light so far,” Caspar said.
“It had never been the intention to store personal data, Google said,” he continued. “But the fact that this nevertheless happened over such a long period of time and to the wide extent established by us allows only one conclusion: that the company internal control mechanisms failed seriously.”
Google said Monday that it “quickly tightened” its data collection systems to address the issue when it learned its Street View fleet was capturing WiFi data.
“The project leaders never wanted this data, and didn’t use it or even look at it,” the company said. “We cooperated fully with the Hamburg DPA throughout its investigation.”
Google was fined 145,000 euros, just short of the 150,000-euro maximum fine for negligent violations. The company could have been fined 300,000 euros for intentional breaches.
Caspar complained that the maximum fines available were “totally inadequate for the punishment of such serious breaches of data protection.” Google last week reported $14 billion in revenue for the first three months of the year.
“As long as violations of data protection laws are punishable by discount rates, the enforcement of data protection laws in a digital world with its high potential for abuse will be all but impossible,” he said.
European regulators are discussing increasing the maximum fines, he said.
Last month, Google agreed to pay a $7-million fine to settle an investigation by 38 states and the District of Columbia regarding improper collection of personal data from unsecured wireless networks as part of its Street View mapping.
Last year, the Federal Communications Commission fined Google $25,000 for hindering the agency’s investigation into Google’s data collection practices.