The data protection office in the northern city of Hamburg said it had slapped the US Internet giant with a €145,000 penalty for privacy violations on what it called a nearly unprecedented scale.
It found that while specially equipped Google vehicles took city snapshots between 2008 and 2010 for its Street View function, which supplements its standard map service, they had also picked up data from unsecured wireless networks.
“Among the information gathered in the drive-bys were significant amounts of personal data of varying quality. For example emails, passwords, photos and chat protocols were collected,” the Hamburg authorities said in a statement.
“In my opinion this case constitutes one of the biggest known data protection violations in history,” said the office’s chief, Johannes Caspar.
The company, which cooperated with the probe, was also ordered to delete the data immediately.
Caspar complained that under German law his office was not able to impose a more painful penalty on a major multinational company, noting that the maximum fine for an accidental violation was €150,000.
Hamburg prosecutors had abandoned a criminal case against Google in November, when the data protection office picked it up as an administrative offence.
It found that the company had inadvertently assembled the data, but noted this constituted “a significant lapse of Google’s internal control mechanisms.”
Google said it had made a “mistake” in which the Street View vehicles had picked up “snippets of information” that were essentially useless and were never examined.
The company added that it had already expunged the data.
Authorities in Germany, where privacy concerns are particularly sharp due to gross violations under the Nazi and communist dictatorships, had already imposed restrictions on Google after a protracted dispute over Street View.