Google data breach will not be investigated

Today the Information Commissioner announced that he will not be taking action against Google for capturing and storing information including passwords and other snippets of actual network communications:

The Commissioner has concluded that there was a significant breach of the Data Protection Act when Google Street View cars collected payload data as part of their wi-fi mapping exercise in the UK. He has instructed Google UK to sign an undertaking in which the company commits to take action to ensure that breaches of this kind cannot happen again. An audit of Google UK’s Data Protection practices will also be undertaken. The Commissioner has rejected calls for a monetary penalty to be imposed but is well placed to take further regulatory action if the undertaking is not fully complied with.

ORG reiterates that there are still significant questions as to why Google collected this data in the first place. But more importantly, this decision not to investigate calls the ICO itself into question.

The ICO’s job is to protect users from data protection abuses. If the ICO will not fully investigate or take serious action, then they are failing to do their job.

The Data Protection Directive is about to be rewritten and is under review. The EU’s Commissioner, Viviane Reding, accused the ICO of being a watchdog “tied up in the basement”. This action from the ICO is yet more evidence that they are more prone to behave like a lapdog than a watchdog.