According to a press release Monday, the Hamburg Officer for Data Protection and Freedom of Information issued a fine in the amount of €145,000 against Google Inc. for illegal recording of information from Wi-Fi networks.
While Google’s cars roamed the streets in Germany during the years 2008-2010, they not only took pictures of houses and streets, but they also illegally collected information from Wi-Fi networks in the reach of the cars. Google admitted that this also encompassed content information, e.g., emails, passwords, photographs, chat protocols, etc. While the public prosecutor closed the proceedings in November 2012 without bringing an action, the Hamburg DPA picked up on this in an administrative proceeding and now concluded bindingly that Google Inc. negligently collected data without authorization to do so. Concurrently with issuing the fine, the DPA instructed Google Inc. to immediately delete all information so collected, which has apparently already been confirmed by Google Inc.
While Google Inc. was cooperative in clarifying this incident, and remains adamant that the company’s intention was never to collect this information at all, this clearly indicates that the company’s internal control mechanisms failed severely.
It comes as no surprise to the Hamburg DPA that incidents like this happen in multinational companies – with fines of up to €300,000 for intentional violations as a maximum, and €150,000 for negligent acts, a deterring effect cannot be achieved. The impending change to a penalty of up to 2% of the annual turnover of a company, to be introduced by the new European Regulation, is likely to significantly increase the motivation for companies to implement proper control mechanisms and supervise their implementation and functioning.