FOI Man asks whether a former ICO employee working for Google, or an MP using him to make political points, is the greater threat to a free society.
Oh dear. I was planning a quiet week. But then I became aware of this story by Josh Halliday that appeared on the Guardian’s website this evening:
The “story”, if I can even bring myself to call it that, is that Stephen McCartney, a former employee of the Information Commissioner, now works as UK Privacy Manager for Google. MP Robert Halfon has told the Guardian that he intends to raise this in Parliament.
So what is it about Stephen McCartney’s job move that is causing such distress that it requires an MP to cause all this fuss? Those with an interest in privacy matters will be aware that in 2010, the Information Commissioner’s Office investigated claims that Google’s Street View camera vans collected a range of private data from households across the country. Since this, privacy campaigners have criticised the ICO in the belief that the investigation was flawed. Recently, the ICO have started looking at the matter again.
Nobody disagrees that if Google were doing such a thing, and especially if they did so knowingly, it is a serious matter. And from what little I know of this situation, it may well be that the ICO deserve some criticism. But the suggestion appears to be that Mr McCartney’s employment by Google somehow means that his previous employer was less than impartial in its investigation of Google in 2010. The Guardian reports the MP’s view of this:
Halfon said that the ICO “acted after the horse had bolted and have been woefully lacking”. He added: “Now it seems they have had a cosy relationship with the company they have been investigating.”
Can we just rewind that a second? The fact that Google have now employed a former ICO employee, after the event, means that the ICO and Google have a “cosy relationship”? If that’s the definition of a “cosy relationship” these days, I’m really wondering what Croydon Healthcare Trust expected to receive from Boris Johnson when I left the GLA three years ago.
If Mr McCartney had been involved in the earlier investigation, there might be a story here. But towards the end of the story (it’s always at the end that they give the facts that might completely ruin a story, funny that), the ICO are quoted as saying:
“Stephen McCartney played no part in the investigation into the Google Street View project while working at ICO. In any event, ICO employees continue to be legally bound by a confidentiality agreement after they leave the organisation, as part of the Data Protection Act.”
Or, of course, if there was evidence of collusion between Google and the ICO since Mr McCartney moved to Google:
“The published correspondence between Google and the ICO clearly shows that Stephen McCartney was treated like any other organisation’s representative, with his emails receiving nothing more than a polite acknowledgement. “
I don’t know Stephen McCartney personally, but I’ve seen him talk and answer questions informatively and helpfully at conferences. I have a feeling that we studied for our LLMs in Information Rights at the same time (it was a distance learning course, so even if we were, we may well never have been in the same room). But I do know that he didn’t work in the department that carries out investigations into Data Protection breaches. And that brief enquiries to the ICO would have confirmed that.
So the basic story here is that a middle manager who had some expertise in Data Protection was recruited by an organisation that needed help to improve its compliance with Data Protection. I’m struggling to see why that’s worrying. In fact, isn’t it actually a good thing if Google get advice from someone with Stephen’s experience?
The implication of this story is that it is somehow wrong for any member of the ICO’s staff to change jobs and work for an organisation that the ICO has investigated. According to the ICO’s Annual Report, published earlier today, nearly 13,000 Data Protection complaints were received by them in 2011/12. Over 7,000 Privacy and Electronic Communications Regulations complaints. 4,633 complaints under FOI or the Environmental Information Regulations were received. On the Data Protection and Privacy Regulations side they have responsibilities for compliance in every organisation – public and private sector – in the country. Are we really saying that ICO staff should never be allowed to move jobs in case it could be suggested that their new employer will have some kind of unspecified advantage if they have ever been, or will ever be, investigated by the ICO?
What really bothers me about this story, and the attitude of the MP involved, is that someone in a similar situation as myself – a relatively junior member of staff in the grand scheme of things – is apparently fair game if politicians or campaigners want to score points against a big corporation or a watchdog. We’re not talking here about a former Minister using his or her perceived power and influence to obtain lucrative contracts post-government. Or a rich banker resigning over dodgy practices going on on his watch and being given a handsome payoff before slipping smoothly into a new job in another big bank.
Instead we’re talking about an ordinary guy, who went for a job opportunity as many of us do. And for trying to improve himself, he received the unwanted attention of an influential individual, who can now make innuendo about him in the press, and the House of Commons, without it seems, any concern for the impact on that person’s personal life. It could be me next. It might be you in a few years’ time. Today it’s Stephen McCartney. To me, that’s Big Brother made real. And it stinks.