Over at PC Pro, an unbelievable story: the Information Commissioner’s Office and Google "teamed up" on their response to Rob Halfon MP's complaint about the search giant's Wi-Fi scandal.
PC Pro obtained documents using the Freedom of Information Act which support this explosive allegation of collusion between "watchdog" and data snatcher.
As readers of this site will know well by now, Google was caught scraping private data from unsecured Wi-Fi connections in May as their cars trundled around the country, but initially said no personal information was collected.
The ICO "investigated" the issue in July, agreeing with that assertion; had it been up to the ICO, the whole scandal would have ended then and there, on an untrue basis that not even Google now maintains to be the case. But in October both Google and their pals at the ICO had to admit they were wrong after other data watchdogs abroad, who actually had an interest in doing some work, uncovered the unsurprising fact that email addresses, passwords and URLs had in fact been picked up.
Given that admission, Tory MP and friend of BBW Robert Halfon asked questions about the investigation in Parliament. Over to PC Pro:
After Google confessed the scraped data held more personal information than it first admitted, the ICO's group manager for business and industry, Dave Evans, sent an email to a Google employee with the subject line “guess what this might be about”.
Evans asked the Google employee, whose name has been redacted, if they were free for a “quick chat about the Wi-Fi business”.
“We are having an internal meeting next week about our next steps and obviously in light of Rob Halfon MP’s continued misrepresentation of the issue, the quicker we get something done the better,” Evans said.
The exchange was revealed in a Freedom of Information Act request by PC Pro. However, the ICO refused to hand over details of its Google investigation, claiming the information could hinder other data watchdogs’ on-going cases.
In response, Halfon told PC Pro that he still believes the ICO should have been tougher on Google. "I've had a very amicable meeting with the ICO, but I still think the organisation is falling short in its investigation of Google."
Which I think we can agree is pretty restrained in light of the ICO's cosy chat about Rob with Google, over whom they're supposed to be watching…
After Google admitted collecting personal data, the ICO declared the incident a “serious” breach of the Data Protection Act. The watchdog required Google to sign an “undertaking notice,” promising to delete the data, submit to an audit and improve its data practises.
But the documents obtained by PC Pro show that the ICO let Google submit changes to the undertaking, notably asking the watchdog to shrink down the scope of the audit:
“That draft scope was however extremely wide and one Google would definitely not be comfortable with without considerable refinement and discussion,” wrote a Google employee.
Google later explained that the company was worried about the precedent the audit might set in other countries.
The two organisations debated the timeframe, with the ICO preferring the audit happen within six months, while Google appeared to favour a year. In the end, the pair split the difference and agreed on nine months.
The documents also show ICO employees didn’t initially believe investigating the issue was "actual work":
“Apologies for taking a while to get back to you with yet more questions, but restructuring in the office and other (actual) work has delayed my response somewhat,” Evans wrote in May to a Google employee, two months before the watchdog looked at a sample of the collected data.
And there's no need to take my word for any of this. You can see the two collections of emails can be viewed in PDF format over at PC Pro (to whom, massive kudos for a first class bit of investigation).
For some time I have been maintaining that the ICO is an apologist for the worst offender in the field rather than a policeman of it. Well, here's the proof, in writing.
By Alex Deane