In April 2013, Google was fined by the German data regulator £125,000 for recording and storing data illegally from homes using unsecured Wi-Fi networks. The information was collected by Google whilst it was gathering material for its Streetview project. The Hamburg data regulator Johannes Caspar was clear: “In my opinion, this case constitutes one of the biggest known data violations in history” he said.
Google Streetview provides internet users panoramic views from positions along streets all over the world. Launched in May 2007 in the United States, it has since expanded to include cities and rural areas worldwide. The ultimate aim, says Google, is to “map” the world.
The Google cars gathered their data in Germany between 2008 and 2010. Unfortunately, the technology used also recorded data that was transferred over networks that were not secure- including emails, photographs, and private passwords. Google said this data gathering was an accident and that it deleted the material immediately.
In November 2012 the German state prosecutors declared that a criminal prosecution of Google was unnecessary. But the German data regulators did pursue the case. An entirely unscientific poll in which lawyers, journalists and business people were asked (by this writer) how much they thought the German regulators had fined Google ranged from €35 million to €500 million. The actual fine of £125,000 (€145,000) is very nearly the maximum of €150,000 that the German regulators could fine the company. It is also only .005% of Google’s annual profits- if Google’s projected revenue of $61 billion this year is correct.
The German fine follows a pattern of low fines for Google: In France, the data regulator fined Google €100,000 (£85,000) in 2011 for the same activity; in the US Google has agreed to pay $7 million (£4.5 million) in a case brought by 38 US states over Streetview data gathering. Google were apologetic: “We work hard to get privacy right at Google. But in this case we didn’t”.
29 data regulators from the six European countries are involved in the investigation.
What fines should we expect if the investigation finds infractions? The French regulators, CNIL, can fine up to €300,000- about the amount that Google earns in 3 minutes. The English regulator can fine up to £500,000 for data regulation infraction.
But digital media insiders say the fundamental problem for those concerned about individuals giving up private and sensitive information is not simply that regulators cannot impose substantial fines. The bigger issue is that users are giving up data freely – perhaps without always fully understanding the implications.
Google users – not just the search engine but users of its other products, such as Youtube, Google Plus, and Gmail – have consistently shown a willingness to give up their privacy in exchange for convenience and new on-line services. The tiny bits of information gathered when you use a Google service provide powerful insights into consumer desires. “Google is massively powerful. People don’t realise that the amount of information they hold about people and companies is far greater than any government or company holds” said the insider.
Yet, he added, research conducted by his own media company revealed repeatedly that the vast majority of people will gladly give up private information rather than pay a relatively small sum, such as 5 or 10 pounds a month, in order to receive a service.
What Google is doing is no different from any other company. All search engines, social media companies, banks and shops – in fact almost any company with an online presence – is aggressively collecting as much data as it can from their users or visitors to their sites. For now, Google uses their data only for target advertising. As Google gets larger and expands its services even more, the question of what it’s collecting and how it’s using it will become more pressing.
Dina Shiloh is a solicitor at Mishcon de Reya. She specialises in defamation, privacy, and harassment