ICO Rejects ‘Alarmist Agenda’ Over Google WiSpy

The ICO says no to any “knee jerk” action on Google over its Wi-Fi snooping, despite MPs’ requests

The Information Commissioner’s Office has said it will “not be panicked into a knee jerk response” to pressure from MPs, who want the watchdog to fine Google because its Street View cars accidentally gathered people’s private Wi-Fi data.

Google admitted in May that its cars had taken Wi-Fi “payload” data, but only confessed last week that this so-called “WiSpy” data included complete URLs, emails and passwords. This led Information Commissioner Christopher Graham to launch a new investigation into Google, saying that he was considering using his power to fine companies who breach privacy.

The ICO had previously cleared Google back in July, saying that the data collected could not be linked to any individuals.

Last straw For MPs

However, Google’s admission that its Street View cars had taken more personal data by Wi-Fi than first thought, was the last straw for many commenters and some in the political arena.

Tory Robert Halfon MP opened a backbench debate last week in Parliament in which he also called for an “Internet bill of rights” to protect individuals online, during which he also took issue with the ICO over its response to the Google WiSpy incident. Halfon reportedly called the UK Information Commissioner “lily-livered”.

And prior to debate, he told the BBC that Google had “gone too far” and the ICO’s lack of action was “lamentable”.

But the ICO has firmly rejected the pressure from MPs over the issue.

‘Emotive Arguments’

“As a regulator, the ICO must take a calm and measured approach to the issue of data privacy and ensure that we do not get caught up in the emotive arguments which will only naturally take place around sensitive issues such as the inadvertent collection of data by Google Street View,” the regulator said in a statement.

“We must remain evidence based and although our enquiries, along with the enquiries of our international counterparts, are taking longer than many people might like, it is of paramount importance that we get our decision right in order to ensure the public can be confident that their long term privacy interests are being maintained,” it added.

The ICO said that it had followed the MPs’ debate on 28 October, but found there was a “great deal of misunderstanding about the actions the ICO had already taken.”

“We are keen to discuss with MPs and ministers how we can further defend privacy on the internet as technologies and applications develop,” it said.

“The situation as it stands is this. Earlier this year the ICO visited Google’s premises to make a preliminary assessment of the ‘pay-load’ data it inadvertently collected whilst developing Google Street View,” said the ICO. “Whilst the information we saw at the time did not include meaningful personal details that could be linked to an identifiable person, we have continued to liaise with, and await the findings of, the investigations carried out by our international counterparts.”

Course of Action

“Now that these findings are starting to emerge, we understand that Google has accepted that in some instances entire URLs and emails and passwords have been captured,” the ICO added. “We have already made enquires to see whether this admission relates to the data inadvertently captured in the UK, and we are now deciding on the necessary course of action, including a consideration of the need to use our enforcement powers.”

The ICO of course has the power to impose tough penalties on culprits. While it was not given the power to send people to prison, it is able to impose fines of up to £500,000 on those who leak private data, snoop, or retain it inappropriately. However, so far the ICO has yet to flex its muscles. There have been no fines for data breaches since the ICO got the power to impose them, even though there have been spectacular losses of data recently.

Nevertheless, the ICO believes it is on the right track.

“It is also important to note that none of the regulators currently investigating Google Street View have taken direct enforcement action at this stage, with the US investigation led by the US Federal Trade Commission for example ruling out direct action, although mirroring our own concern that this data was allowed to be collected by an organisation who showed such disregard for international data protection legislation,” said the ICO.

‘Alarmist Agenda’

“This week the Metropolitan Police have also closed their case believing it would not be appropriate to pursue a criminal case against Google under the Regulation of Investigatory Powers Act (RIPA),” the ICO added.

And the ICO saved its most damming statement on the political pressure to the last.

“Whilst we continue to work with our other international counterparts on this issue we will not be panicked into a knee jerk response to an alarmist agenda,” it said.

The Street View cars returned to British roads in August – minus their Wi-Fi antennas, and are also back in action in Ireland, Norway, South Africa and Sweden. And last month Google extended Street View to cover all seven continents, incorporating new images from Brazil, Ireland and Antarctica.