H4cked Off: The ICO's Google decision is a whole new level of spinelessness

The government lets big business walk all over it

Earlier this year, I wrote about how I considered the ICO's meagre £250,000 fine handed out to Sony for losing control of its servers and risking the theft of every man, woman and child's data on there as "a slap on the wrist".

But now, it transpires that not only has the ICO chickened out of fining Google £500,000 for "accidentally" collecting data on members of the public as its Street View cars trundled around the country, it's actually decided not to fine Google at all.

It feels like a pattern is emerging, and that's roughly that the severity of data loss is inversely proportional to the fine meted out. Lose 2,000 NHS patient details on hard drives on eBay, that'll cost you £325,000. Lose 2.2m logins and credit card details off PlayStation network, that's £250,000.

Send a fleet of cars waltzing around a whole country, nicking internet passwords, internet usage history and goodness what else direct from people's homes, and you get off scot free.

This doesn't just make the ICO look toothless. It doesn't even just make the ICO look dangerously, even criminally, incompetent. It makes it look scared, and unwilling to rise to the challenge of standing up to something bigger than itself. And if this country's own regulatory body is too scared to stand up for our privacy on the world stage, that's a massively serious problem for the future of anybody in the UK who values the sanctity of their personal data.

Because let's not forget that this pardon isn't even the first time the ICO has tried to brush the Google Street View issue under the carpet. It closed its initial investigation back in 2012, saying it didn't have the right regulatory powers to fine Google at the time. However, it mysteriously reopened the case after the FCC began an investigation which ended with a $7m settlement earlier this month, as well as a further $25,000 in response to Google apparently attempting to obstruct the investigation.

Google refusing to fully comply with orders apparently wasn't restricted to just the US either, and this is where things get truly pitiful as far as the ICO is concerned, because by all accounts, the web giant failed to destroy the data it had collected on at least one

[Please continue to page 2]

H4cked Off: The ICO's Google decision is a whole new level of spinelessness

The government lets big business walk all over it

While the ICO has now placed "a legal requirement" on Google to delete "the remaining payload data identified last year within the next 35 days" as well as immediately informing the ICO "if any further disks are found," such behaviour should surely be signalling the ICO to begin asking even more serious questions of Google.

Namely: why has the company been holding on to reams of illegally-obtained data on the general public for a number of years, and why has it effectively been lying about destroying it? How does Google keep "finding more" data it didn't seem to know about before?

And going even further back, why was the ICO swallowing that a "coding error" by one man led to this harvesting of data? Even if an error led to the actual act of collecting data, why was Google even driving around with such an arcane technological ability in the first place? And why was it covering that up?

It's especially worrying that Google has spent possibly years in possession of information it has no legal right to possess with the constant Prism revelations coming through in recent days. If Google will happily hand over the Gmail account details of Wikileaks volunteers to the NSA, would it stop at handing over information it's not even supposed to have from its Google Street View victims?

There is so little about any of Google's defence across the years of this whole investigation that it's astonishing the ICO can come out with a straight face and say there's no cause to impose a fine. Whether the information has been "quarantined" or not, it was illegally obtained, and it was still in Google's possession after the company had been ordered to destroy it.

Perhaps even the FCC's $7m wasn't enough for a company that turns up $50bn in revenue a year, but it's better than quite literally letting the company off scot-free. As things stand, the ICO is making a mockery of any attempt to make information regulation a reality in the UK. All it's shown so far is that it's happy to chase the public sector for money to shift around inside the government's own coffers, but is absolutely terrified to battle the big boys.

Meanwhile, Google's behaviour by not complying, and success by inelegantly fudging its explanations for its conduct, shows nothing more than that the biggest, richest corporations have nothing to fear from governmental intervention on behalf of the public interest.

On the other hand, as William Hague piped up the other week, the government has no problem whatsoever with penalising, and offering up to Prism, any individual who it doesn't consider "a law-abiding citizen". And it'll happily use Google's (possibly ill-gotten) data to get them.

There's never been a darker time for data privacy.