Just last week, Google reported that the FBI has been essentially spying on thousands of Google account holders — legally — over the past few years. On Tuesday, the internet juggernaut copped to its own form of spying, in this case not necessarily so legally.

Google agreed to pay $7 million to settle claims by 37 states and the District of Columbia over its Street View program, in which company employees "casually scooped up passwords, e-mail, and other personal information from unsuspecting computer users" in 2008 through 2010 while driving around taking photos of houses, office buildings, and everything else you can, well, view from a street, says David Streitfeld in The New York Times.

This isn't Google's first legal settlement since admitting to the Street View privacy breach in 2010 — at least 12 countries have launched investigations, and nine found Google violated their laws, according to the Electronic Privacy Information Center — but it's the biggest. France's National Commission on Computing and Liberty nabbed a $130,000 fine in 2011, while the U.S. Federal Communications Commission docked Google for $25,000 for obstructing its investigation last April.

Still, nobody is particularly bowled over by this new settlement sum. Sure, $7 million would hit your wallet pretty hard, but "it's a relatively small sum for a company of Google's size," notes Martyn Williams at Computerworld, dryly. "To put the settlement in context, it's a little more than the $6 million bonus that Google will pay Executive Chairman Eric Schmidt for his work at the company in 2012." This fine probably won't even pay the states' legal fees, says Tim Worstall at Forbes. In fact, "I'd be willing to bet a substantial sum that each and every [one] of those states" spent more on lawyers than they'll get from their share of the settlement.

It's indisputable that "the $7 million fine is pocket change for Google, which has a net income of about $32 million a day," says The New York Times' Streitfeld. But "privacy advocates and Google critics characterized the overall agreement as a breakthrough for a company they say has become a serial violator of privacy." Few people even expected the states' lawsuit, launched in 2010 by then–Connecticut Attorney General Richard Blumenthal (now a U.S. senator), to amount to anything much at all. But Google isn't just losing millions; it's making what could be some pretty big changes, too.

Under the terms of the settlement, Google will train (or remind) its employees and lawyers about privacy issues each year for at least a decade, including an annual privacy week event, and launch a campaign to educate people on encrypting their WiFi networks and otherwise shielding their wireless data, through at minimum a YouTube video and ads in the largest newspapers in the 38 participating states. "There are minimum benchmarks Google has to meet," assistant Connecticut attorney general Matthew Fitzsimmons tells The New York Times. "This will impact how Google rolls out products and services in the future."

Consumer Watchdog grouses that "asking Google to educate consumers about privacy is like asking the fox to teach the chickens how to ensure the security of their coop." But if this doesn't fix Google's privacy issues, the bad PR might help. "It is the public opprobrium, not the money, that counts in these cases," former FTC consumer-protection official David Vladeck tells the Times. "We work hard to get privacy right at Google," said spokeswoman Niki Fenwick, in a sort of, kind of apology. "But in this case we didn't." At least everyone can agree on that.