The €100,000 ($141,300) penalty — the largest ever by French body CNIL — sanctions Google for collecting personal data from Wi-Fi networks — including e-mails, web browsing histories and online banking details — from 2007 to 2010 through its roaming camera-mounted cars and bicycles.
The fine is the first against Google over the data-gathering, which more than 30 countries have complained about. At least two other European countries are considering fines, while some others have ruled against penalizing Google.
Google Inc. has apologized and says it will delete the data.
"As we have said before, we are profoundly sorry for having mistakenly collected payload data from unencrypted Wi-Fi networks," Google's Global Privacy Counsel Peter Fleischer said in an e-mailed statement. "As soon as we realized what had happened, we stopped collecting all Wi-Fi data from our Street View cars and immediately informed the authorities."
Google has two months to appeal the fine. It hasn't yet decided whether it will, a company spokesman said.
The head of CNIL criticized Google for a lack of transparency and cooperation with its investigation, which it launched in 2009.
"They were not always willing to cooperate with us, they didn't give us all the information we asked for, like the source code of all devices in the Google cars," said Yann Padova, CNIL's executive director. "They were not always very transparent."
The incidents, which some critics have derisively labeled as "Wi-Spy," were caused by "an engineer's careless error as well as a lack of controls to ensure that necessary procedures to protect privacy were followed," Canada Privacy Commissioner Jennifer Stoddart concluded in a report last October.
Several other countries have skewered Google for scooping up 600 gigabytes of data — equivalent to about six floors of an academic library — from Wi-Fi systems for more than two years before detecting a problem in response from to an inquiry from regulators in Germany.
Google initially said it had only captured fragments of people's online activities, but Canada's investigation determined that entire e-mails, passwords and website addresses had been obtained and stored.