Back in June Web and Rank reported on a Google scandal. Google accidently acquired or stole 600GB of payload data from British, Canadian, Australian, German and other homes while taking pictures for streetview.
Whatever Happened to Google and the Wifi Data?
This story had been nicely brushed under the carpet but it has now resurfaced with a rather unsatisfactory ending.
It is accepted that Google accidently took the data and they will delete it ‘as soon as possible’. For one, has there been a real investigation into the potential ‘crime’? At the time Google admitted it was a rogue engineer acting alone, what actions have they taken with him? Secondly, why hasn’t it been deleted already?
The news was given to the press by the Deputy Information Commissioner David Smith. He also stated that the case was closed with no further enquiries being made and that none of the information ‘had fallen into the wrong hands’.
The Information Commissioner’s Office (ICO) is a Lame Duck.
This story has highlighted serious faults in the UKs ability to protect people against these sorts of problems or attacks.
The ICO conducted a basic and inadequate investigation, they in fact waited for the Canadian report and used that instead. The Canadians are taking this privacy breach much more seriously than the British. The Canadian authorities were able to conduct comprehensive investigations, concluding that thousands of Canadians had been affected and it was a serious violation of privacy laws.
The ICO firstly deemed that ‘no significant breach’ had occurred but after reading the Canadian report the ICO quickly changed it to a ‘significant breach’.
The most shocking news to come out of this story is that the ICO can only audit companies that have given prior permission. The Open Rights Group (a digital advocacy network) has jumped straight on this saying it is a ‘shocking state of affairs’. The ICO does not know what it’s doing, it is an out of date organisation that does not even have the powers to investigate thoroughly.
This kind of breach by Google is the same as opening someone else’s post without prior permission this crime is called unlawful interception. The UK does not even have a public body to investigate interception breaches. The best the ICO could do is to make Google promise (yes I know ‘promise’) to offer privacy training to it staff.
This is an absolute joke, as a British citizen I find this appalling. There are so many questions; exactly whose data was stolen? How did this mistake come about? How can we know for sure it was a mistake? How do you mistakenly collect personal data for three years? Will the people whose data was stolen receive any kind of apology from Google? And why, why, why did we have to agree on a deal to delete the data? It should be deleted already.
Other countries are not taking this as lightly, here’s to hoping that the Germans, Canadians or Australians can squeeze some money out of Google.
The world desperately needs a regulatory authority to audit exactly what Google and other similar organisations get up to.