twitter facebook rss

ICO wants prison for offenders as long as it can continue to ignore Google

Posted by on January 18, 2015.

The ICO has long suggested that fines are not enough to enforce the Data Protection Act, and that the option for prison sentences needs to be included. It’s been speaking about this on BBC Radio 5 Live:

ICO on TwitterBut who is it going to imprison? You cannot imprison companies, and you are unlikely to single out the formal data controller in large companies for imprisonment. The sanction against large companies will almost certainly remain monetary (currently up to £500,000).

Any prison sentence will largely target small companies where the company and data processor are largely indistinguishable. And I have no problem with that where the offence is severe.

But while the ICO is seeking powers to imprison small businessmen, what is it doing about big business? Bugger all, frankly — especially if the big business is called Google.

The ICO is a member of the Article 29 working party of data protection regulators within the EU. That group long ago (2013) collectively found that Google’s privacy policy is in breach of the EU’s data protection laws — and many of the countries concerned immediately levied large fines on the company.

The ICO did not. (It also did nothing over Google’s earlier street wifi collection issue except to say ‘stop it and don’t do it again’.) What it did, on 4 July 2013, was say this to Google:

“Google must now amend their privacy policy to make it more informative for individual service users. Failure to take the necessary action to improve the policies compliance with the Data Protection Act by 20 September will leave the company open to the possibility of formal enforcement action.”
ICO update on Google privacy policy

And then nothing. At the time, the Register commented: “various other European data protection commissioners have taken action against Google…the UK’s ICO have never fined Google a penny, ever”. And as far as I am aware, it still hasn’t. In the 16 months since the deadline expired there has been nothing further on either Google satisfying the ICO, or the ICO taking enforcement action.

So my question is this: why is the ICO making a grab for more power when it doesn’t use what it has? Or is the entire purpose to be able to more forcefully punish individuals while allowing big business to get away scot-free? That is, business as usual in the UK.

Leave a Reply

Your email address will not be published. Required fields are marked *

Submitted in: Expert Views, Kevin Townsend's opinions, News, News_politics, News_privacy |