View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
November 4, 2010updated 19 Aug 2016 10:05am

Has the Information Commissioners’ Office lost its bottle?

Google breached Data Protection Act but faces no fine

By Jason Stamper Blog

Google wi-fi snooping

The news that the Information Commissioners’ Office (ICO) will not issue Google with a fine for what it described as a "significant breach" of the Data Protection Act has enraged privacy advocates.

The row centres on Google’s capturing of data from unsecured wireless networks via antenna on its Street View cars, which have been touring this and other countries ostensibly to photograph street scenes. Google said the capturing of data being broadcast on private wi-fi networks was a mistake, and that it is "profoundly sorry".

Yesterday the Information Commissioner Christopher Graham said:

"It is my view that the collection of this information was not fair or lawful and constitutes a significant breach of the first principle of the Data Protection Act. The most appropriate and proportionate regulatory action in these circumstances is to get written legal assurance from Google that this will not happen again – and to follow this up with an ICO audit."

Not good enough, say privacy advocates. A letter signed by Privacy International, NO2ID, Big Brother Watch, Action on Rights for Children and the Open Rights Group, described the decision to merely audit Google in future as, "the latest episode in a litany of regulatory failure that brings disrepute on the Commissioner’s office and which calls into question whether the ICO is fit for purpose."

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

They argue that the ICO has been inept over the Google case from start to finish. It’s not the first time the ICO has been accused of lacking teeth.

True enough, it was a request for information by German authorities – the ICO was nowhere to be seen – that first uncovered the harvesting of personal data by Street View cars. And though this came to light in April, the ICO only visited Google to take a look at a sample of the data it had gathered in the UK on July 15th. After that visit, it said:

"On the basis of the samples we saw we are satisfied so far that it is unlikely that Google will have captured significant amounts of personal data."

It was only after news that Canada and Spain had both ruled that Google’s moves had breached their laws that the ICO announced that it, too, does now believe that Google made a "significant breach" of the Data Protection Act. But despite that finding, the Information Commissioner’s Office has said it won’t issue a fine – it has the power to issue fines of up to £500,000 – not least because Google has promised not to do it again.

The letter from those privacy groups fumes that:

"The ICO has completed a full reversal of its position… In our view the ICO is incapable of fulfilling its mandate. The Google incident has compromised the integrity of the Office. We can think of very few substantial privacy issues over the past ten years that the ICO has championed. In most cases the Office has become part of the problem by either ignoring those issues or by issuing bizarre and destructive rulings that justify surveillance rather than protecting privacy."

An ICO spokesperson said that it couldn’t issue a fine in this case because it would be hard to prove the breach had caused "substantial harm or substantial distress". And besides, most of the payload data was captured before April 6, when the ICO was granted its powers of fines of up to £500,000. Case closed.

Follow this author on Twitter: www.twitter.com/jasonstamper

 

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU