France Fines Google Over Street View Privacy Gaffe

Matthew Broersma,

The French government has fined Google 100,000 euros for breaching privacy in its WiSpy Street View blunder

The French government on Monday fined Google 100,000 euros over the company’s collection of personal data via Street View cars.

Google admitted last May that its Street View cars had gathered data from Wi-Fi access points, as they passed on their mission to gather images of streets round the world.  The fine from France’s Commission Nationale de I’informatique et des Libertés (CNIL) is also partly in response to  Google collecting data on individuals via its Latitude geolocation service, without the individuals’ knowledge, despite having been told not to do so by the authorities.

“The CNIL considers that this lack of information constitutes a collection against the sense of the law,” The CNIL said in a statement.

Failure to comply

The CNIL also criticised Google for having failed to comply with a request to provide access to the software that caused the collection of personal data. Google has claimed that the collection of users’ personal data was due to a software error.

“Given… the breaches uncovered and their gravity, and the economic benefits accruing to the company Google by these breaches, the CNIL has decided to pronounce against it a pecuniary sanction of 100,000 euros,” the CNIL stated.

The CNIL said that it was the first government authority to analyse the data collected by Google’s Street View cars following a request in May of last year. Investigations were also launched in countries including Germany, Spain and Italy, as well as 30 US states.

Personal details

The CNIL analysis found that Google had collected not only technical details on Wi-Fi access points but also large amounts of personal data including websites visited, passwords, email addresses and email exchanges giving details of health or sexual orientation.

In June, campaigning group Privacy International compared Google’s actions to “placing a hard tap and a digital recorder onto a phone wire without consent or authorisation” and said an audit (PDF) published on Google’s blog was evidence that Google intended to break the law.

By contrast, in July the ICO said it had examined the data and concluded that it is free of any “meaningful personal details”.

Google has said it would co-operate with government agencies, and in the UK struck a deal with the ICO to delete all the collected data. The data was deleted shortly before Christmas of last year.