Google can't be serious about a privacy standard

The sound of Google Inc.’s repeated calls for governments and businesses to rapidly reform the rules governing the collection of personal data on the Internet has to create an unsettling feeling amongst those who have followed the issue closely.

On paper, the suggestions being put forth sound forward-thinking and proactive. At a recent United Nations gathering in France, Google’s global privacy counsel, Peter Fleischer, called on regulators, international organizations and private companies to increase dialogue on privacy issues with a goal to create a unified standard.

The company has pointed to two models already on the table that are aiming to create such a standard: one designed by Asia-Pacific Economic Cooperation (APEC), which features a nine-point privacy framework designed to aid countries without existing policies, and another from the U.S. Federal Trade Commission.

It seems that Google wants to generate a discussion that will result in a global practices standard around the collection of information. On September 24, Fleischer said the protections need to be agreed upon within five years.

The message would be so much more palatable if Google wasn’t becoming one of the biggest collectors of online information in the world. Just think about the horde of data sitting on its servers, collected from the millions of Internet users with a Google mail, chat or small business applications account (to name but a few of the company’s software services.)

It’s entirely possible that Google means what it says. But it did not help itself when earlier this year it purchased DoubleClick Inc., an online advertising company that uses technology to track user trends in order to serve targeted ads.

Such a consolidation of data power automatically raises concerns. Google is saying the right things, but as long as it possesses the ability to collect such reams of information on its clients, it will never be free of suspicion.

Further complicating Google’s message is the difficulty associated with attaining its stated objectives. Many European nations, for instance, have much more stringent policies in place than those outlined in the two frameworks Google has referred to. If true global cohesion is to exist on the matter, these countries will have to scale back their levels of privacy protection. This simply is not going to happen.

In Canada, the proposals mentioned by Google wouldn’t radically alter what are already some strong guidelines contained in the Personal Information Protection and Electronic Documents Act (PIPEDA).

What the proposals could do, however, is help the federal Privacy Commissioner add more bite to its bark in cases such as the recent TJX data mismanagement case. Despite breaking most of the major PIPEDA guidelines, the retail giant escaped any kind of fine or similarly damaging punishment.

Google has thrown down a gauntlet for governments, businesses and individual citizens to respond to. Yet IT managers have yet to hear of any specific actions the company itself is engaging in to implement change. When Mr. Fleischer announces that his firm has set a date for the dialogue to begin, where it will happen and who they have invited to the table to participate, perhaps that unsettled feeling will begin to lessen somewhat.

Related Content

Google’s Latitude: Not new, but worrisome
At the most benign it will mean more pop-up ads for the Starbucks a block away from where you are. We will only find out about the other extreme over time

SWIFT's Microsoft deal leaves privacy issues open
The financial messaging service has teamed up with the software giant to help make connectivity easier, but what is the Belgium-based organization doing to the data it exchanges? CIPPIC raises some outstanding concerns

Google says Street View will comply with privacy laws
Google Inc.'s Street View application, which has raised privacy concerns because of the street-level images of locations it provides, will respect the local laws of the countries wherever it is available, the company's privacy counsel said yesterday in a company blog.

Comments (2)

I think there may be an obvious piece missing from this puzzle.

by Alec Munro 10/22/2007 12:00:00 AMWhile it may seem like there is a disparity between Google's talk and actions, I think it's pretty clear that the talk is intended in lieu of action. Google wants the world to standardize on a privacy policy that it finds palatable. It's likely that this policy is compatible with all of their existing data storage, and what they are looking for is international government validation of these policies. Consider their current situation: - They have a very large variety of applications storing personal information, available internationally. - Divergent privacy standards would require customizing these applications on a regional basis, which would be a massive undertaking. So in essence, this is move by Google to reduce the amount of maintenance development required on it's applications. There's somewhat of correlary here, where if Google were to aggressively implement a specific policy, it could polarize the factions involved in the international policy debate, if it were to omit certain regions pet issues.

APEC Framework does not present a reliable standard

by chris pounder 10/24/2007 12:00:00 AMThe APEC Privacy Framework has been put forward as a foundation on which to build a global privacy framework. The lack of detail in the Framework makes it a shaky foundation that risks creating national privacy laws and rules that would be inconsistent with each other and far weaker than Europe's traditional approach to the subject. http://www.out-law.com/page-8551 (News item); Analysis: http://www.out-law.com/page-8550