Germany fines Google €145,000 over personal data collection

22 Apr, 2013 19:17 / Updated 12 years ago

Google has been fined €145,000 by a German privacy regulator for the systematic and illegal collection of personal data while it was creating its Street View service, calling on European lawmakers to increase fines for violating data protection.

The fine slapped Monday on Google by Johannes Caspar, the data protection supervisor for the German city of Hamburg, was close to the €150,000 maximum allowed by EU law, and amounts to 0.002 percent of Google’s $10.7 billion net profits in 2012.

Despite the penalty Caspar stressed his dissatisfaction, saying the fine was “completely inadequate” to stop corporations as large as Google from unscrupulous data practices.

“As long as violations of data protection law are penalized with such insignificant sums, the ability of existing laws to protect personal privacy in the digital world, with its high potential for abuse, is barely possible,” Caspar said as quoted by The New York Times.

Casper’s Hamburg agency became the first in 2010 to uncover Google’s collection of data from Wi-Fi routers in Germany. The agency said Monday that the web giant admitted collecting data including emails, passwords, photos and chat protocols from 2008-2010 as it prepared to launch its Street View service.

Fragments of personal e-mails, photographs and other unencrypted digital data were collected by Google’s fleet of Street View cars as they passed by homes compiling panoramic photograph maps of about 5 million miles of roadway in 49 countries.

Google said the collection was unintentional and the result of a programmer’s error. Peter Fleischer, from the Google global privacy council, reiterated the company’s regrets and said that a series of internal procedures had been implemented to make sure there were no future privacy violations.

“We never wanted this data, and didn’t use it or even look at it. We cooperated fully with the Hamburg D.P.A. throughout this investigation,” said Fleischer.

After the Hamburg disclosure, Google acknowledged that it had uncovered similar data from round the world. This set off a series of investigations by regulators globally, most of which were settled with a simple apology from Google or with somewhat trivial fines for the internet giant.

Britain and Ireland both dropped their claims after Google agreed to delete data collected in their countries.

While in the US, Google agreed to pay a fine of $7 million and police its own employees on privacy issues after a lawsuit brought about by 38 states.

In the EU, privacy laws are enforced on a national level. However, Caspar has called on European lawmakers who are considering revisions to the main EU wide data protection law to allow for fines for up to 2% of a company’s annual sales. This would mean, that based on last year’s revenue, Google could have received a maximum fine of $1 billion. He described the proposed 2% penalty as “economically significant”. 

European lawmakers are not expected to complete their deliberations on privacy laws until at least next year.