Google will pay $7 million to 38 states and the District of Columbia to settle an investigation into its Street View service, following claims it was used to collect passwords and other personal data from home wireless networks between 2008 and 2010.
Google agreed to eventually destroy the data collected in the United States. It is working with various European countries to determine how to handle the data it collected there.
Google did not acknowledge violating any US laws in the so-called assurance of voluntary compliance that it entered into with the states.
The $7 million fine, which will be split among the states involved in the investigation, represents a tiny fraction of Google's roughly $50.2 billion in 2012 revenue and its $10.7 billion in net income.
Marc Rotenberg, of the non-profit privacy advocacy group the Electronic Privacy Information Center, said the fine represents the largest in US history by state Attorneys General for violations of internet privacy.
Still, the settlement was met by criticism in some quarters.
"With revenue of $100 million a day, the fine [is] just a drop in the bucket and not enough to deter bad behavior," Steve Pociask, the president of the non-profit American Consumer Institute, said in a statement emailed to reporters.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Under terms of the deal, Google will implement an employee education program about user privacy and sponsor a nationwide public service campaign about protecting information on wireless networks.
"We work hard to get privacy right at Google. But in this case we didn't, which is why we quickly tightened up our systems to address the issue. The project leaders never wanted this data, and didn't use it or even look at it," Google said in a statement.
Google's Street View cars, well known for crisscrossing the globe and taking panoramic pictures of streets, accidentally collected data from unsecured wireless networks in more than 30 countries, Google disclosed in 2010. The company has said it "segregated" the data after it became aware it collected it.
Google has said it thought it was only collecting a limited type of WiFi data relating to a WiFi network's name and router numbers, to help the company develop location-based services, but later discovered that it was collecting so-called pay-load data including email messages, website addresses and passwords.
Google was fined $25,000 by the FCC for impeding its investigation into the matter. But the FCC said it would not take any enforcement action against Google for the incidents. The agency said it wasn't clear that Google violated federal wiretap laws by collecting unencrypted personal data that people transmitted over their wireless home (WiFi) networks.
ITPro is a global business technology website providing the latest news, analysis, and business insight for IT decision-makers. Whether it's cyber security, cloud computing, IT infrastructure, or business strategy, we aim to equip leaders with the data they need to make informed IT investments.
For regular updates delivered to your inbox and social feeds, be sure to sign up to our daily newsletter and follow on us LinkedIn and Twitter.