German regulator complains Google’s Wi-Fi snooping fine should be bigger
The Hamburg commissioner for data protection and freedom of information, Johannes Caspar, announced the fine today, saying Google “illegally collected and stored personal data”, which it took from Wi-Fi connections when it collected information for its Street View mapping product.
“In my opinion, it is in fact one of the largest known data breaches ever,” Caspar said. “The company’s internal control mechanisms have failed in a significant way.”
Caspar complained about the caps on fines, saying European regulators needed more power to issue sterner penalties for bad breaches. “As long as privacy violations can be punished only at discount prices, enforcement of data protection law in the digital world with its high abuse potential is hardly possible,” he added.
Germany’s fining limit is currently €150,000 for cases of negligence that led to a data breach, whilst in the UK it currently stands at £500,000 for any kind of breach. Many believe that isn’t enough, hence why the European Commission wants to introduce fines for up to two percent of companies’ turnover, as part of an overhaul of EU data privacy law.
“Yet again Google has played fast and loose with people’s personal information, but there is a real risk that the amount of money they have being fined is largely insignificant and totally fails to act as a deterrent to other businesses,” said Nick Pickles, director of Big Brother Watch.
“As the regulator has also pointed out, this case highlights the problem with maximum fines for privacy breaches being incredibly low compared to the turnover of the companies responsible for these kind of services.”
Peter Fleischer, Google global privacy counsel, said: “We work hard to get privacy right at Google. But in this case we didn’t, which is why we quickly tightened up our systems to address the issue.
“The project leaders never wanted this data, and didn’t use it or even look at it. We cooperated fully with the Hamburg DPA throughout its investigation.”
The ICO has expressed a desire for larger fining capabilities in the past. It is expected to make its final decision on the Google Street View Wi-Fi slurping case in the next month.
Google has already been hit with a €100,000 penalty in France, whilst in the US the Federal Communications Commission (FCC) initially issued a $25,000 fine over the privacy incident.
In March, it was reported Google was to pay a $7 million settlement to end the US government’s probe into the Street View data slurping.
Google voluntarily admited in 2010, that the cars which take images for its Street View service, adding visuals to Google Maps, had been capturing and storing data from unsecured Wi-Fi networks on their route. This gave Google a huge stash of personal data, which it claims it had no intention of using, and has since deleted.
Are you a pedant on privacy? Try our quiz!