[245] in Privacy_Forum
[ PRIVACY Forum ] Google, Privacy, the EU, and a Question of Attitude
daemon@ATHENA.MIT.EDU (privacy@vortex.com)
Sat May 26 13:37:26 2007
Message-Id: <200705261623.l4QGN63C029825@chrome.vortex.com>
To: privacy-list@vortex.com
Date: Sat, 26 May 2007 09:23:06 -0700
From: privacy@vortex.com
Reply-To: PRIVACY Forum Digest mailing list <privacy@vortex.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: privacy-bounces+privacy-forum=mit.edu@vortex.com
Content-Transfer-Encoding: 8bit
Google, Privacy, the EU, and a Question of Attitude
http://lauren.vortex.com/archive/000241.html
Greetings. You may have heard that the European Union Article 29
Working Party, which deals with privacy issues, has recently sent
Google a letter asking for "clarification" of their data retention
policies and related matters. While the chairman of the working
party seemed to express significant support for Google's position,
it's increasingly clear that individual member countries have their
own not always identical privacy concerns.
There are reasonable arguments on both sides of the equation when it
comes to search engine privacy. When Google recently announced some
positive changes in their retention policy, I applauded this
publicly as a good first step
( http://lauren.vortex.com/archive/000217.html ), though the amount of
Google-retained data still potentially linkable to individuals is
vast.
But in reports of Google privacy chief Peter Fleischer's comments
relating to the EU query, a bit of the old Google "arrogance" is
starting to push through, and this is not to Google's long-term
advantage. Peter and I have had cordial communications in the past,
and he's a good guy. Obviously, I have had differences with Google
regarding their data retention policies in particular. I have never
asserted evil motives by Google, rather, my main concern is that
their policies may enable others to do evil with Google collected
data.
My proposal a year ago for a Google Privacy Initiative
( http://www.vortex.com/google-privacy-initiative ) didn't seem to have
much impact at the time, nor did related calls for a broad,
industry-wide approach for dealing with these issues
( http://lauren.vortex.com/archive/000188.html ).
Google's Peter Fleischer now appears to be pushing for a single
global approach for data protection and a global privacy treaty:
"We as a company have a single approach to privacy right across the
world. We can't run a system that has different privacy levels for,
say Google.com and the Dutch site Google.nl -- that would be crazy...
So if we can do it why can't policymakers?"
As attractive as such a concept might be in theory (but only if that
single approach were strong enough in terms of protecting privacy),
I suspect that it is unrealistic. And that's where that touch of
Google arrogance I mentioned above comes in, and it's a problem a
lot of techies share (and as a techie of long standing myself, I'm
not entirely immune either!)
It's natural for technologically-oriented people to see straightforward,
logical, encompassing approaches to dealing with problems. That's part
of how advanced technology is thought up and engineered.
But when we try to map that attitude onto the non-technical world,
we can easily step into the quicksand of decidedly non-technical
human emotions and concerns. In particular, the key aspects
regarding the very concept of privacy vary widely around the globe.
For that matter, they vary significantly among the different states
here in the U.S., and even between different courts at the state and
federal level.
This suggests that a formal "one world policy" when it comes to
privacy is unlikely to be formulated and/or maintained, though
individual subtopic agreements regarding particular forms of data
transfer and the like are always possible.
By seeming to push for the governments of the world to conform their
privacy views with Google's technological approaches, I believe that
Google is setting a very high bar that diverts us from more
achievable goals of better protecting user data while preserving its
value for Google and other search engines. In essence, Google seems
to be saying that it wants the world to change to match what Google
wants to do, rather than Google adjusting to the world's privacy
sensibilities. This is probably not a winning position in the final
analysis.
Apart from the current EU query, which I don't suspect will end
up being a particularly big issue, there are much more serious
privacy-related threats to Google's current business models waiting
in the wings at the hands of legislators and courts, and these will
be pulling at Google from the opposite extremes of demanding both
stronger and laxer privacy protections in particular contexts. Talk
about being between a rock and a hard place.
Peter Fleischer makes some excellent points when he notes the
difficulty of meeting a widely disparate range of privacy rules.
He's right, but that's the ball game right now, and there are
legitimate reasons for those disparities in many cases. We should work
toward harmonization where appropriate, but that's likely to go only
so far. Peter also called on Yahoo! and Microsoft to clarify their
data retention policies and practices. I completely agree with this
call, though as the industry leader and trendsetter by far, it's
obvious why the spotlight tends to stay firmly affixed on Google.
Speaking of policymakers and the global debate over privacy, Peter
also said:
"We need to start talking now. We in the industry have to start
the debate."
Many of us have been calling for just such a debate and discussion
for years. We're well *past* the time when this dialogue should
have been initiated. The privacy dilemmas now facing Google and
other Internet services have been long predicted, and specific
palliative approaches have been suggested from various quarters but
generally ignored by the major players.
That's history, and it's tomorrow that must mainly concern us when
it comes to such issues, not yesterday. So perhaps the time is
finally right for really reaching the core of both the technological
and non-technological aspects of privacy at Google, and at their
competitors as well, around the world.
Let's get to work.
--Lauren--
Lauren Weinstein
lauren@vortex.com or lauren@pfir.org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
- People For Internet Responsibility - http://www.pfir.org
Co-Founder, IOIC
- International Open Internet Coalition - http://www.ioic.net
Founder, CIFIP
- California Initiative For Internet Privacy - http://www.cifip.org
Founder, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com
_______________________________________________
privacy mailing list
http://lists.vortex.com/mailman/listinfo/privacy
