Has the Information Commissioner’s Office lost its bottle?

Google breached Data Protection Act but faces no fine.

The news that the Information Commissioner's Office (ICO) will not issue Google with a fine for what it described as a "significant breach" of the Data Protection Act has enraged privacy advocates.

The row centres on Google's capturing of data from unsecured wireless networks via the antennae on its Street View cars, which have been touring this and other countries, ostensibly to photograph street scenes. Google said the capturing of data being broadcast on private wifi networks was a mistake, and that it is "profoundly sorry".

Yesterday the Information Commissioner, Christopher Graham, said:

"It is my view that the collection of this information was not fair or lawful and constitutes a significant breach of the first principle of the Data Protection Act. The most appropriate and proportionate regulatory action in these circumstances is to get written legal assurance from Google that this will not happen again – and to follow this up with an ICO audit."

Not good enough, say privacy advocates. A letter signed by Privacy International, NO2ID, Big Brother Watch, Action on Rights for Children and the Open Rights Group described the decision merely to audit Google in future as "the latest episode in a litany of regulatory failure that brings disrepute on the Commissioner's Office and which calls into question whether the ICO is fit for purpose".

They argue that the ICO has been inept over the Google case from start to finish. It's not the first time the office has been accused of lacking teeth.

True enough, it was a request for information by the German authorities – the ICO was nowhere to be seen – that first uncovered the harvesting of personal data by Street View cars. And though this came to light in April, the ICO only visited Google to take a look at a sample of the data it had gathered in the UK on 15 July. After that visit, it said:

On the basis of the samples we saw we are satisfied so far that it is unlikely that Google will have captured significant amounts of personal data.

It was only after news that Canada and Spain had both ruled that Google's moves had breached their laws that the ICO announced that it, too, does now believe that Google committed a "significant breach" of the Data Protection Act. Yet, despite that finding, the Information Commissioner's Office has said it won't issue a fine – it has the power to issue fines of up to £500,000 – not least because Google has promised not to do it again.

The letter from the privacy groups fumes:

The ICO has completed a full reversal of its position . . . In our view the ICO is incapable of fulfilling its mandate. The Google incident has compromised the integrity of the Office. We can think of very few substantial privacy issues over the past ten years that the ICO has championed. In most cases the Office has become part of the problem either by ignoring those issues or by issuing bizarre and destructive rulings that justify surveillance rather than protecting privacy.

An ICO spokesperson said that it couldn't issue a fine in this case because it would be hard to prove that the breach had caused "substantial harm or substantial distress". Besides, most of the payload data was captured before 6 April, when the ICO was granted its powers to impose fines of up to £500,000. Case closed.

Jason Stamper is NS technology correspondent and editor of Computer Business Review.

Jason Stamper is editor of Computer Business Review

Photo: Getty Images
Show Hide image

The future of policing is still at risk even after George Osborne's U-Turn

The police have avoided the worst, but crime is changing and they cannot stand still. 

We will have to wait for the unofficial briefings and the ministerial memoirs to understand what role the tragic events in Paris had on the Chancellor’s decision to sustain the police budget in cash terms and increase it overall by the end of the parliament.  Higher projected tax revenues gave the Chancellor a surprising degree of fiscal flexibility, but the atrocities in Paris certainly pushed questions of policing and security to the top of the political agenda. For a police service expecting anything from a 20 to a 30 per cent cut in funding, fears reinforced by the apparent hard line the Chancellor took over the weekend, this reprieve is an almighty relief.  

So, what was announced?  The overall police budget will be protected in real terms (£900 million more in cash terms) up to 2019/20 with the following important caveats.  First, central government grant to forces will be reduced in cash terms by 2019/20, but forces will be able to bid into a new transformation fund designed to finance moves such as greater collaboration between forces.  In other words there is a cash frozen budget (given important assumptions about council tax) eaten away by inflation and therefore requiring further efficiencies and service redesign.

Second, the flat cash budget for forces assumes increases in the police element of the council tax. Here, there is an interesting new flexibility for Police and Crime Commissioners.  One interpretation is that instead of precept increases being capped at 2%, they will be capped at £12 million, although we need further detail to be certain.  This may mean that forces which currently raise relatively small cash amounts from their precept will be able to raise considerably more if Police and Crime Commissioners have the courage to put up taxes.  

With those caveats, however, this is clearly a much better deal for policing than most commentators (myself included) predicted.  There will be less pressure to reduce officer numbers. Neighbourhood policing, previously under real threat, is likely to remain an important component of the policing model in England and Wales.  This is good news.

However, the police service should not use this financial reprieve as an excuse to duck important reforms.  The reforms that the police have already planned should continue, with any savings reinvested in an improved and more effective service.

It would be a retrograde step for candidates in the 2016 PCC elections to start pledging (as I am certain many will) to ‘protect officer numbers’.  We still need to rebalance the police workforce.   We need more staff with the kind of digital skills required to tackle cybercrime.  We need more crime analysts to help deploy police resources more effectively.  Blanket commitments to maintain officer numbers will get in the way of important reforms.

The argument for inter-force collaboration and, indeed, force mergers does not go away. The new top sliced transformation fund is designed in part to facilitate collaboration, but the fact remains that a 43 force structure no longer makes sense in operational or financial terms.

The police still have to adapt to a changing world. Falling levels of traditional crime and the explosion in online crime, particularly fraud and hacking, means we need an entirely different kind of police service.  Many of the pressures the police experience from non-crime demand will not go away. Big cuts to local government funding and the wider criminal justice system mean we need to reorganise the public service frontline to deal with problems such as high reoffending rates, child safeguarding and rising levels of mental illness.

Before yesterday I thought policing faced an existential moment and I stand by that. While the service has now secured significant financial breathing space, it still needs to adapt to an increasingly complex world. 

Rick Muir is director of the Police Foundation