Google will pay $7 million to 38 states and the District of Columbia to stop unauthorized data collection and train its employees on privacy issues.
The settlement concerns Google’s collection of data from unsecured wireless networks nationwide between 2008 and 2010 as part of its Street View mapping service. Google improperly collected and stored information from consumers including email and text messages, passwords and web histories.
“We work hard to get privacy right at Google. But in this case we didn’t, which is why we quickly tightened up our systems to address the issue,” Google said in a statement. “The project leaders never wanted this data, and didn’t use it or even look at it. We’re pleased to have worked with Connecticut Attorney General George Jepsen and the other state attorneys general to reach this agreement.”
As part of the settlement, Google must destroy the data it gathered during that time period. It must also run, for at least 10 years, a training program for employees about privacy and confidentiality of user data, as well as a public campaign to educate consumers about how best to secure their wireless networks.
Google has said it thought it was only collecting a limited type of WiFi data relating to a WiFi network’s name and router numbers, to help the company develop location-based services, but later discovered that it was collecting so-called pay-load data including email messages, website addresses and passwords.