Hamburg's DPA fines Google for Street View

The German city state of Hamburg has today issued a fine of 145,000 euros on Google for its data collection during Street View operations. The DPA says that the company collected personal data during 2008-2010 through unencrypted Wifi connections. Personal data captured included emails, passwords and photos. Google has now deleted the illegally captured data.

The Hamburg Data Protection Commissioner, Johannes Caspar, said: "In my estimation this is one of the most serious cases of violation of data protection regulations that have come to light so far. Google did cooperate in the clarification thereof and publicly admitted having behaved incorrectly. It had never been the intention to store personal data, Google said. But the fact that this nevertheless happened over such a long period of time and to the wide extent established by us allows only one conclusion: that the company internal control mechanisms failed seriously,"

In 2011, Google was fined 100,000 euros in France. At the time, the penalty was the largest ever handed out by the French DPA, the CNIL.

However, the US has seen the toughest enforcement measured in monetary terms. Last month, on 8th March, Google agreed to pay a $7 million payment for civil penalty and other purposes to state Attorneys General for its collection of personal data via Street View vehicles in the US. A coalition of US state Attorneys General also ordered Google to organise regular employee training, organise a privacy week once a year in its offices, implement a privacy programme, and design and implement a programme about educating consumers about the use of wireless services by using YouTube, Google Blog, and newspapers ads.

See the press release by Hamburg's DPA.

See the document about Google's voluntary assurance of compliance in the US.