Between 4 March 2008 and 6 May 2010 Google has collected data about 3,6 million different WiFi routers, regardless whether the communication was encrypted or not. The company has also calculated a location for every WiFi router. In doing so Google has contravened the Dutch privacy act (Wet Bescherming Persoonsgegevens). MAC addresses combined with a calculated location constitute personal data because the data could provide information about the user of the WiFi router. By now, Google has stopped collecting WiFi data with Street View cars, but it still collects new data on WiFi routers every day via the users of its geolocation service.
In addition, Google has acted unlawfully by collecting the contents of communication from unencrypted WiFi networks. The CBP has analysed the data flow which was collected by Google and found it contained multiple personal data. These are data which can be traced to individuals and which originated from the contents of e-mails and from surfing and chatting.
A WiFi router enables computers to connect mutually within a network and with the internet. Each WiFi router has a unique number, a MAC address, which has been registered in the computer’s hardware by the manufacturer.
Against the incremental penalty payments Google may object and appeal in court.