Posted by Kevin on January 18, 2015.
The ICO has long suggested that fines are not enough to enforce the Data Protection Act, and that the option for prison sentences needs to be included. It’s been speaking about this on BBC Radio 5 Live:
But who is it going to imprison? You cannot imprison companies, and you are unlikely to single out the formal data controller in large companies for imprisonment. The sanction against large companies will almost certainly remain monetary (currently up to £500,000).
Any prison sentence will largely target small companies where the company and data processor are largely indistinguishable. And I have no problem with that where the offence is severe.
But while the ICO is seeking powers to imprison small businessmen, what is it doing about big business? Bugger all, frankly — especially if the big business is called Google.
The ICO did not. (It also did nothing over Google’s earlier street wifi collection issue except to say ‘stop it and don’t do it again’.) What it did, on 4 July 2013, was say this to Google:
And then nothing. At the time, the Register commented: “various other European data protection commissioners have taken action against Google…the UK’s ICO have never fined Google a penny, ever”. And as far as I am aware, it still hasn’t. In the 16 months since the deadline expired there has been nothing further on either Google satisfying the ICO, or the ICO taking enforcement action.
So my question is this: why is the ICO making a grab for more power when it doesn’t use what it has? Or is the entire purpose to be able to more forcefully punish individuals while allowing big business to get away scot-free? That is, business as usual in the UK.Submitted in: Expert Views, Kevin Townsend's opinions, News, News_politics, News_privacy |