The sound of Google Inc.’s repeated calls for governments and businesses to rapidly reform the rules governing the collection of personal data on the Internet has to create an unsettling feeling amongst those who have followed the issue closely.
On paper, the suggestions being put forth sound forward-thinking and proactive. At a recent United Nations gathering in France, Google’s global privacy counsel, Peter Fleischer, called on regulators, international organizations and private companies to increase dialogue on privacy issues with a goal to create a unified standard.
The company has pointed to two models already on the table that are aiming to create such a standard: one designed by Asia-Pacific Economic Cooperation (APEC), which features a nine-point privacy framework designed to aid countries without existing policies, and another from the U.S. Federal Trade Commission.
It seems that Google wants to generate a discussion that will result in a global practices standard around the collection of information. On September 24, Fleischer said the protections need to be agreed upon within five years.
The message would be so much more palatable if Google wasn’t becoming one of the biggest collectors of online information in the world. Just think about the horde of data sitting on its servers, collected from the millions of Internet users with a Google mail, chat or small business applications account (to name but a few of the company’s software services.)
It’s entirely possible that Google means what it says. But it did not help itself when earlier this year it purchased DoubleClick Inc., an online advertising company that uses technology to track user trends in order to serve targeted ads.
Such a consolidation of data power automatically raises concerns. Google is saying the right things, but as long as it possesses the ability to collect such reams of information on its clients, it will never be free of suspicion.
Further complicating Google’s message is the difficulty associated with attaining its stated objectives. Many European nations, for instance, have much more stringent policies in place than those outlined in the two frameworks Google has referred to. If true global cohesion is to exist on the matter, these countries will have to scale back their levels of privacy protection. This simply is not going to happen.
In Canada, the proposals mentioned by Google wouldn’t radically alter what are already some strong guidelines contained in the Personal Information Protection and Electronic Documents Act (PIPEDA).
What the proposals could do, however, is help the federal Privacy Commissioner add more bite to its bark in cases such as the recent TJX data mismanagement case. Despite breaking most of the major PIPEDA guidelines, the retail giant escaped any kind of fine or similarly damaging punishment.
Google has thrown down a gauntlet for governments, businesses and individual citizens to respond to. Yet IT managers have yet to hear of any specific actions the company itself is engaging in to implement change. When Mr. Fleischer announces that his firm has set a date for the dialogue to begin, where it will happen and who they have invited to the table to participate, perhaps that unsettled feeling will begin to lessen somewhat.
