Google, the ICO and why nobody cares about your personal data

google_logoYou've got to wonder why the Information Commissioner's Office (ICO) bothers. Despite being responsible for the enforcement of the Data Protection Act, it seemingly does nothing to dissuade companies from pissing our personal information up the wall.

In July, the ICO investigated Google when it was revealed that their Street View Cars had captured data from unsecure WiFi networks. The ICO's conclusion?

"...we are satisfied so far that it is unlikely that Google will have captured significant amounts of personal data. There is also no evidence - as yet - that the data captured by Google has caused or could cause any individual detriment."

Skip forward just three months, and it appears that either Google were very selective about what they showed to the ICO, or the ICO weren't really paying attention, or Google's Street Cars only recorded unsecure data in all those other countries, because on Friday evening, a blog post by a senior Google VP contradicted the findings of the ICO:

"...a number of external regulators have inspected the data as part of their investigations (seven of which have now been concluded).

It’s clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords."

So "entire emails and passwords" were recorded by the Street View cars and noticed by "a number of external regulators" - and the ICO saw nothing that "could cause any individual detriment"? Because of Google's admission, the ICO is now to re-examine its initial findings. It's possible that Google were referring to data captured in countries other than the UK, and we'll have to see whether that was the case.

In the meantime, the ICO can continue reprimanding those organisations that continue to abuse personal data, an- what's that?

Oh yes.

In late September, avid Bitterwallet reader Adam Button made a Freedom of Information (FOI) request about the ICO (which itself is responsible for the FOI). Specifically, Adam asked about "the number of fines imposed to both Local and Central Government Authorities for data breaches under the Data Protection Act 1998 in total for 2009 and 2010 thus far".

The answer? Can you guess?

"The Information Commissioner’s Office was, in April 2010, given the power to fine organisations it finds in breach of the Data Protection Act 1998, when appropriate. To date, no fines have been issued and therefore we do not hold any recorded information which would enable us to answer your request."

The ICO was granted the powers (detailed here) to act "as both a sanction and a deterrent against non-compliance with the statutory requirements", and can impose fines of up to £500,000 on a company that either knowingly contravened the Data Protection Act or "ought to have known that there was a risk". Clearly there have been no serious breaches of the Data Protection Act in recent months. We can't think of one. Nope, not one. Not a single one. None at all.

Despite a wealth of companies and government bodies breaching the act through negligence, not a single fine has been issued by the body that polices the system.


  • Daniel Z.
    With all the cut backs being made everywhere, you do have to wonder why they don't just knock all these ****ing useless regulators on the head. I really can't think of a single thing any of them have done for the people they're meant to protect...
  • Bill
    "Street View Cars had captured data from ****UNSECURE**** WiFi networks" Case closed.
  • I c.
    Gas pressure regulators are pretty useful.
  • PaulH
    @I fancy a curry Fancy a Korma?
  • GH
    and bear in mind google already has access to billions of emails already, both personal and corporate
  • Johnters
    i thought the "nobody cares" in the headline was finally a realisation that NOBODY CARES whether their "personal data" is bandied about by google. i certainly DON'T CARE that my girlfriend's boss could look at my e-mail address on facebook if he wanted to. BECAUSE NOTHING BAD WILL HAPPEN.
  • The B.
    This is the same ICO that said Phorm had done nothing wrong then? Even though the EU are prosecuting the UK for ignoring Phorm breaking EU data protection legislature (which the ICO are in charge of), I wouldn't hold my breath if I were you.
  • Phil
    I'd love to scare the people who find this scary by saying that emails are not secure!!! In fact they can be grabbed and copied by any internet server they go through (and they go through many owned by who knows) - in fact the same is true for any unencrypted data! If you care about you data you should encrypt end to end - If your password/email is sent plain text - don't be surprised anyone has grabbed it and read it. This is just like complaining you've been robbed when you threw your money about on a high street!
  • Mark H.
    @ Bill Just because you didn't lock your front door doesn't mean it isn't illegal to walk in and steal all of your stuff. I think more needs to be invested in educating people about why they need to and how they can secure their wireless networks though.
  • Sorry, B.
    [...] Richard Littlejohn? Exactly. But just how much of an ill-informed asshat is he? In his latest column for the Daily Mail, Littlejohn turns technology commenter and reveals a tantalising solution to Google’s recent data-grabbing antics: [...]
  • ICO B.
    [...] After months of people scratching their heads about the spineless actions of the ICO – the body responsible for the enforcement of the Data Protection Act – they’ve finally been called out by MPs over their handling of Google. [...]
  • Houston J.
    I just want to decrease a thoughts and say I’m a newcomer to your site and love a few things I am looking at. Published great written content. Count on returning for more.
  • john
    its a criminal offence under computer misuse act to intercept communications, secured or unsecured. why havent the cips got involved.?
  • Heinsenberg
    The Information Commissioner’s Office employs the biggest chumps I have ever come across.

What do you think?

Your comment