According to the commissioner, Johannes Caspar, Google handled the data negligently and that too without authorization. The maximum fine was chalked at $380,000 but, because Google didn’t intend to gather the data the fine was reduced to half of the maximum. Google admitted to collecting and storing data starting 2008 in 2010.
“It had never been the intention to store personal data, Google said. But the fact that this nevertheless happened over such a long period of time and to the wide extent established by us allows only one conclusion: that the company internal control mechanisms failed seriously,” said [PDF] Capsar.
The commissioner however noted that enforcement of data protection laws through penalties at discount rates wouldn’t be possible. He also noted that the current regulation that is being discussed “in the context of the future European General Data Protection Regulation, whereby a maximum fine of 2% of a company’s annual turnover is provided for, would, on the other hand, enable violations of data protection laws to be punished in a manner that would be felt economically.”