Divided regulators meant Google was not punished properly for taking private Wi-Fi data, the ICO tells us
When Google’s Street View cars took private data from people, European regulators failed to effectively take the company to task, because their approach was fragmented, the British Information Commissioner’s Office (ICO) has admitted. However, the ICO itself is soon to give its final decision on any UK penalty for Google.
David Smith (pictured), deputy commissioner at the ICO, said this morning at a Westminster eForum event in London that European nations did not “do a very good job” of being consistent in reprimanding Google.
Google indiscriminately gathered private data from the Wi-Fi networks that its Street View cars passed, after a Google employee placed code in the cars’ software to gather it. Although the same thing happened across Europe, the punishments meted out by regulators varied widely – and this was not right, Smith told TechWeekEurope.
“The collection of payload data was common across much of Europe and there was a wide difference in terms of sanctions. Where there is one breach, the approach needs to be similar,” he said. “We will see more of that [consistency].”
ICO close to final Google decision
Google has not yet been handed a severe fine in this country, despite other punishments across Europe, with the French imposing a €100,000 penalty. After its initial investigation, the ICO said it didn’t have the right regulatory powers to fine Google when it was doing the data slurping.
It did reopen the case after it emerged Google had gathered more citizen information than had at first been thought, including medical details. The US Federal Communications Commission (FCC), which fined the tech giant $25,000 over the incidents, claimed that more than one Google employee knew about the information-pilfering code.
But nothing further has come of the Google case. An ICO spokesperson told TechWeekEurope it is hoping to make a final decision in the next month. That could result in a fine as high as £500,000 – the maximum penalty the ICO can currently enforce.
Earlier this month, it was reported Google was to pay a $7 million settlement to end the US government’s probe into the Street View slurping.
The EU is due to publish data privacy rules which are proving controversial. One good thing about the rules will emphasis on consistency across European regulators, Smith believes.
Not that the ICO is entirely enamoured with the European Commission’s data protection directive and regulation. It disagrees with using the term “the right to be forgotten” as it may promise too much to users, although they should be allowed to have their data deleted, Smith said.
The ICO also believes parts of the proposals are over-prescriptive, especially the need to have a data protection officer in every organisation with over 250 employees. That could be damaging for small to medium-sized businesses, the deputy commissioner added.
Are you a pedant on privacy? Try our quiz!