The Information Commissioner insists the Google WiSpy incident was handled correctly
The Information Commissioner Christopher Graham is not backing down after a Tory MP labelled members of the Information Commissioner’s Office (ICO) as ‘Keystone Kops’ over their investigation of Google.
Earlier this week, Conservative MP Robert Halfon launched a fresh attack on the ICO. This new broadside was delivered when he discovered that the ICO had sent lawyers, not technical staff, to investigate Google’s Wi-Fi data breach.
Halfon has previously criticised the ICO in Parliament and labelled the ICO’s lack of action over Google as “lamentable”.
Its Not About Technology
However information commissioner Graham pointed out to the Daily Telegraph today that “most of the job that we do isn’t about technology – it’s applying [data protection and] freedom of information act legislation, and so you need to be an expert in that rather than a geek”.
Google had been given the all clear by the ICO back in July and escaped any punishment, after the search engine giant admitted in May that its Street View cars had taken Wi-Fi “payload” data. The ICO said at that time that the data collected could not be linked to any individuals.
But in late October Google admitted that its Street View cars had actually taken more personal data by Wi-Fi than first thought. This so-called “WiSpy” data included complete URLs, emails and passwords.
Significant Breach, But No Fine
This led Information Commissioner Christopher Graham (pictured) to conclude that there was a significant breach of the Data Protection Act by Google Street View cars, but instead of a hitting Google with a fine of up to £500,000, he instead asked Google UK to sign an undertaking to ensure that breaches of this kind cannot happen again. He also asked for an audit of Google UK’s data protection practices.
Graham made no apologies for this course of action. “Hang on,” he told the Telegraph. “What is the scale of Google’s offence? The company was collecting information about the position of Wi-Fi networks to make their geolocation stuff work,” he said.
He told the newspaper that his officials had seen data that “certainly didn’t amount to a significant cache of personally identifiable information”.
He also defended his decision not to hit Google with a financial penalty.
Securing Wins Where You Can
“In order to make a fine stick in front of the finest lawyers in the world I would have had to have shown that there was serious distress and damage caused to individuals whose personal information was captured after I was given powers to levy increased fines in April,” Graham is quoted as saying. He also said that such an endeavour would have meant his office stopping work on all other projects.
“You can’t run a regulator on the basis of looking at everything – you’ve got to secure wins where you can,” he told the newspaper. I’m certainly not going to stop every other thing that we’re doing to look for the killer needle in a haystack”
Graham insisted that he did well and achieved a huge amount with Google, as he now has their permission to look at their files, whether they like it or not. It was, as he puts it, “unfinished business”.
“When people say you’ve done absolutely nothing, I say you’re not paying attention,” he told the Telegraph. “We’ve done a lot – we’ve achieved a lot. Getting Google to accept that that ICO has a right to audit their compliance with the UK data protection act is a huge achievement that the ICO ought to get some credit for.”
The ICO cannot currently force organisations to reveal their data, even if they themselves confess to having done something wrong.
Fines On The Way?
Meanwhile it seems that Graham could be about to flex the muscles of the ICO after he said that it will impose the first fines on web companies who have invaded the privacy of members of the public. These, commissioner Graham was quoted as saying by the Telegraph, “will act as the benchmark” for the future standards of online data protection.
However, there have been no fines for data breaches since the ICO got the power to impose them. This is despite some spectacular losses of data recently.
What is clear that is the ICO will face increasing scrunity, especially from political circles, that it is acting in a robust enough manner.
The Commissioner himself conceded to the Telegraph that he has numerous critics: “A lot of people out there want somebody – probably not me – to be the privacy tsar,” he says. “But that’s not what the information commissioner is.”
However, many campaigners continue to call for Google to be prosecuted, but Graham said his role in the matter is clear.
“It’s cool heads and clear thinking – more light than heat,” he told the newspaper. “It might be more fun to be making high-sounding speeches, but that’s not what I’m here to do.”