Has the Information Commissioner’s Office lost its bottle?

Google breached Data Protection Act but faces no fine.

The news that the Information Commissioner's Office (ICO) will not issue Google with a fine for what it described as a "significant breach" of the Data Protection Act has enraged privacy advocates.

The row centres on Google's capturing of data from unsecured wireless networks via the antennae on its Street View cars, which have been touring this and other countries, ostensibly to photograph street scenes. Google said the capturing of data being broadcast on private wifi networks was a mistake, and that it is "profoundly sorry".

Yesterday the Information Commissioner, Christopher Graham, said:

"It is my view that the collection of this information was not fair or lawful and constitutes a significant breach of the first principle of the Data Protection Act. The most appropriate and proportionate regulatory action in these circumstances is to get written legal assurance from Google that this will not happen again – and to follow this up with an ICO audit."

Not good enough, say privacy advocates. A letter signed by Privacy International, NO2ID, Big Brother Watch, Action on Rights for Children and the Open Rights Group described the decision merely to audit Google in future as "the latest episode in a litany of regulatory failure that brings disrepute on the Commissioner's Office and which calls into question whether the ICO is fit for purpose".

They argue that the ICO has been inept over the Google case from start to finish. It's not the first time the office has been accused of lacking teeth.

True enough, it was a request for information by the German authorities – the ICO was nowhere to be seen – that first uncovered the harvesting of personal data by Street View cars. And though this came to light in April, the ICO only visited Google to take a look at a sample of the data it had gathered in the UK on 15 July. After that visit, it said:

On the basis of the samples we saw we are satisfied so far that it is unlikely that Google will have captured significant amounts of personal data.

It was only after news that Canada and Spain had both ruled that Google's moves had breached their laws that the ICO announced that it, too, does now believe that Google committed a "significant breach" of the Data Protection Act. Yet, despite that finding, the Information Commissioner's Office has said it won't issue a fine – it has the power to issue fines of up to £500,000 – not least because Google has promised not to do it again.

The letter from the privacy groups fumes:

The ICO has completed a full reversal of its position . . . In our view the ICO is incapable of fulfilling its mandate. The Google incident has compromised the integrity of the Office. We can think of very few substantial privacy issues over the past ten years that the ICO has championed. In most cases the Office has become part of the problem either by ignoring those issues or by issuing bizarre and destructive rulings that justify surveillance rather than protecting privacy.

An ICO spokesperson said that it couldn't issue a fine in this case because it would be hard to prove that the breach had caused "substantial harm or substantial distress". Besides, most of the payload data was captured before 6 April, when the ICO was granted its powers to impose fines of up to £500,000. Case closed.

Jason Stamper is NS technology correspondent and editor of Computer Business Review.

Jason Stamper is editor of Computer Business Review

Getty
Show Hide image

The internet dictionary: what is a Milkshake Duck?

Milkshake ducking is now more common than ever.

The whole internet loves Milkshake Duck, a lovely duck that drinks milkshakes! Oh, apologies. We regret to inform you that the duck is a racist.

This is the gist of a joke tweet that first went viral in June 2016. It parodies a common occurrence online – of someone becoming wildly popular before being exposed as capital-B Bad. Milkshake Ducks are internet stars who quickly fall out of favour because of their offensive actions. There is no actual milkshake-drinking duck, but there are plenty of Milkshake Ducks. Ken Bone was one, and so was the Chewbacca Mask Lady. You become a Milkshake Duck (noun) after you are milkshake ducked (verb) by the internet.

Bone, who went viral for asking a question in a 2016 US presidential debate, was shunned after five days of fame when sleuths discovered his old comments on the forum Reddit. In them, he seemed to express approval for the 2014 leak of the actress Jennifer Lawrence’s nude photos and suggested that the shooting of the unarmed black teenager Trayvon Martin in 2012 had been “justified”. The Chewbacca Mask Lady – a woman who went viral for a sweet video in which she laughingly wore a mask of the Star Wars character – was maligned after she began earning money for her fame while claiming God had made her go viral for “His glory”.

Milkshake ducking is now more common than ever. It embodies the ephemerality of internet fame and, like “fake news”, reveals our propensity to share things without scrutinising them first.

But the trend also exposes the internet’s inherent Schadenfreude. It is one thing for an online star to expose themselves as unworthy of attention because of their present-day actions and another for people to trawl through their online comments to find something they said in 2007, which they may no longer agree with in 2017.

For now, the whole internet loves milkshake ducking. We regret to inform you that it still doesn’t involve milkshakes. Or ducks.

Amelia Tait is a technology and digital culture writer at the New Statesman.

This article first appeared in the 17 August 2017 issue of the New Statesman, Trump goes nuclear