Skip to main content

Google: Better to Seek Forgiveness Than Permission?

Written by Amy Malone

For years, Google has been blazing trails in the technology world and along the way they have been caught in a few snares. The latest entanglement wrapped up this week as the company settled a two-year investigation led by an executive committee that represents 38 states and the District of Columbia over the company’s unauthorized collection of data from unsecured wireless networks (for historical background see our previous blog posts on this issue here, here, here and here).

Briefly, the investigation centered on Google Street View vehicles which were launched by Google to photograph areas for the Google Street View service.  While collecting data for Street View, the vehicles collected network identification information sent over unsecured wireless networks.  Google also gathered payload data that was transmitted over the networks while the vehicles were in the area—including the URLs of requested Web pages, email messages and other private information that was transmitted to or from the network user at the time.

The settlement includes a $7 million penalty that will be dispersed among the states. By way of example, Massachusetts will receive more than $327,000 in the settlement.  In addition, Google agreed to provide comprehensive privacy training to its employees; to sponsor a nationwide public service campaign to help educate consumers about securing their wireless networks and protecting personal information; and to continue to secure, and eventually destroy, the data collected and stored by its Street View vehicles nationwide between 2008 and March 2010.  The program will not be directly monitored, but according to the New York Times, if a state believes that Google is not upholding its end of the agreement the state can raise the issue to the executive committee.

Google asserts that they now think about privacy issues at the start of product development, a privacy-by-design approach that has been urged by the Federal Trade Commission (see the FTC’s report here).  Google is no stranger to settlements: last year they settled with the FTC for $22.5 million, the highest fine ever imposed in a single consent order.

Subscribe To Viewpoints


Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.