US fines Google $7 million over Street View

An assurance of voluntary compliance (AVC) document signed by Kent Walker for Google and Rhode Island attorney general Peter Kilmartin gives the details. Google has always denied that it collected WiFi content by design, but accepts that the data collected could include “a full email, complete email addresses, URLs, or other private information.” This happened, it insists, without the knowledge of Google executives. All of this data will be destroyed, and Google will not do it again “via Street View vehicles, except with notice and consent.”

Furthermore, “Google shall pay $7,000,000.00 (Seven Million Dollars) to be divided and paid by Google to each of the Attorneys General [of the 38 states concerned].” In return, the AVC “releases and forever discharges Google and its affiliates” etc, from all claims, actions, damages, fines etc due to the collection of WiFi by Street View.

In short, Google walks free and clear in the US on payment of $7 million and a promise to not do it again. It is the largest fine ever by US state attorneys general for a privacy violation but no more than a slap on the wrist to Google. “With revenue of $100 million a day, the fine is just a drop in the bucket and not enough to deter bad behavior," said Steve Pociask, the president of the American Consumer Institute.

Nevertheless, this contrasts with the action taken by the ICO for the same offense in the UK. In 2010, following his own investigation, Information Commissioner, Christopher Graham, said: "It is my view that the collection of this information was not fair or lawful and constitutes a significant breach of the first principle of the Data Protection Act.” As a result, he forced Google to promise “that this will not happen again.”

Nick Pickles, head of UK privacy campaign group Big Brother Watch, commented, “yet again British consumers seem to be left with weaker protection of their privacy than other countries.” 

David Gorodyansky, founder and CEO of AnchorFree, believes that users should learn from this. “The ease with which personal data can be collected during unsecured internet use is terrifying,” he said. “There is not much you can’t learn about a person from looking at their emails, text messages passwords and web history.

Shockingly, the data collected by Google even included banking and medical records.” The onus is thus on the user. “The least we can do is take measures to protect our online data from strangers and would-be hackers.” These measures could include using a VPN to encrypt data, “particularly while using unsecured Wi-Fi networks,” he adds.

What’s Hot on Infosecurity Magazine?