A privacy regulator in Germany fined Google €145,000 on Monday for its systematic, illegal collection of personal data while it was creating its Street View mapping service, and it called on European lawmakers to significantly raise fines for violations of data protection laws.
Johannes Caspar, data protection supervisor in the German city-state ofHamburg, said the fine, which was close to the €150,000 maximum he could legally levy, was woefully inadequate to stop the data practices of corporations as large as Google.
The fine levied by Mr. Caspar, the largest assessed so far by European regulators inEuropeover the practice, amounts to 0.002 percent of Google’s $10.7 billion in 2012 net profit.
Mr. Caspar said, “As long as violations of data protection law are penalized with such insignificant sums, the ability of existing laws to protect personal privacy in the digital world, with its high potential for abuse, is barely possible.
Mr. Caspar’s agency became the first to uncover Google’s collection of the data from Wi-Fi routers in Germany In 2010, and the company acknowledged that it had also collected similar data around the world, prompting uproar fromWashingtontoHong Kong.
Google characterized the collection as inadvertent and the result of a programmer’s error. Fragments of personal e-mails, photographs and other unencrypted digital data were collected by Google’s fleet of Street View automobiles as they passed by homes compiling panoramic maps that cover about five million miles of roadway in 49 countries.
Peter Fleischer, the Google global privacy counsel, reiterated the company’s regrets, and said Google had taken internal steps to make sure the violations were not repeated.
Fleischer said in a statement that, “We work hard to get privacy right at Google,”. “But in this case we didn’t, which is why we quickly tightened up our systems to address the issue.”
The Google project leaders had inadvertently collected the data, he reiterated. “We never wanted this data, and didn’t use it or even look at it,” Mr. Fleischer said. “We cooperated fully with the Hamburg D.P.A. throughout its investigation.”
Google said it would not appeal the fine.
The disclosures set off a series of investigations by regulators around the world, most of which were settled by Google with a simple apology or with fines that were considered trivial for the world’s biggest Internet search company.
In March, Google agreed to pay a fine of $7 million and to aggressively police its own employees on privacy issues to settle a lawsuit brought by 38 states in theUnited States. In Europe,IrelandandBritaindropped their inquiries and did not impose fines after Google agreed to delete data illegally collected in their countries.
The French regulator, the National Commission on Computing andLiberty, fined Google €100,000 in 2011. The lone criminal investigation to result from the incident, initiated by the state prosecutor inHamburg, was closed without charges being brought last year.
Privacy law is enforced at the national level in the European Union. The top E.U. privacy body, the Article 29 working group, is an advisory committee to the European Commission and does not have the legal power to levy fines.
Mr. Caspar, theHamburgprivacy regulator, called on European lawmakers who are considering revisions to the main data protection law for the 27-nation European Union to allow for fines of up to 2 percent of a company’s annual sales. Based on Google’s revenue last year, the maximum fine could have totaled $1 billion.
Mr. Caspar described the proposed 2 percent penalty for data protection violations as “economically significant.” European lawmakers are not expected to complete their deliberations on the privacy revisions until next year at the earliest.