News release: “[April 19, 2011], the Dutch Data Protection Authority (College bescherming persoonsgegevens, CBP) has issued several administrative orders against Google for incremental penalty payments. Investigations by the CBP show that Google has, for a period of two years, systematically, and without the data subjects knowledge, collected MAC addresses of more than 3,6 million WiFi routers, in combination with the calculated location of those routers. This was done by using the so called Street View cars. MAC addresses in combination with their calculated locations, qualify, in this context, as personal data, because the collected data provide information about the WiFi routers owners. The Dutch DPA also concludes that Google, using the same Street View cars, collected so called payload data, the contents of internet communication. This information contains personal data such as e-mail addresses, medical data and information concerning financial transactions.
Google has been ordered to, within three months, inform the data subjects off line as well as on line about the collection of data originating from WiFi routers by the Street View cars. Within the same period of three months, Google must also offer an on line possibility to opt-out from the database in order to enable people to object to the processing of the data concerning their WiFi routers. In case Google does not comply with the administrative order within the time period granted, the penalty amount can increase to a maximum of one million euros. Furthermore, Google is obliged to destroy the payload data it has collected in the Netherlands within four weeks. Read the Dutch press release and the relevant documents (only in Dutch).”