Google privacy debate continues

Google implemented its revised Privacy Policy on 1 March as it indicated it would, but pressure to amend the policy continues.

Several days ago the EU’s Justice Commissioner apparently said that authorities had found that “transparency rules have not been applied” by Google and that the changes made are in breach of European law (see the BBC reports).

Japan’s trade and industrial ministry also warned that Google must follow Japan’s privacy law in implementing its new approach, and that Google needed to provide explanations to address users’ concerns (Computerworld UK).

And members of the US senate have asked the Federal Trade Commission to investigate whether the new policy breaches the company’s settlement over the Buzz social networking site (see Infosecurity magazine). Although a separate claim by a US based privacy group the Electronic Privacy Information Center, also filed with the Federal Trade Commission, about concerns over the privacy policy has been dismissed.

Locally, the Asia Pacific Privacy Authorities (APPA), which is the forum for the privacy authorities of New Zealand, Australia, Canada, Mexico, Hong Kong and South Korea, has written to Google chief executive Larry Page to raise concerns about the policy. APPA’s letter (which can be viewed here: APPA letter) indicates concerns that:

  • combining personal information from across different services has the potential to significantly impact on the privacy of individuals;
  • in condensing and simplifying the privacy policies, important details in the policies may have been lost; and
  • privacy tools such as the Dashboard and the Opt-out in the Ads Preference Manager are not readily accessible.

The response to APPA from Google’s Global Privacy Counsel (here if you would like to see it in full) indicates that the sharing of data across Google services is something Google has “already done for a long time for many of our products“ (and its previous privacy policies reflected that, as we mentioned in our previous blog post on the new policy). The letter also confirms that Google is not collecting any new or additional data about users under the new “up-dated” policy and that Google does not  sell users’ personally identifiable information.

The letter includes some interesting comments about deletion or removal of data, which continues to be an issue with many social networking tools. The letter states that Google makes ”good-faith efforts to provide our users with access to their personal information and to delete such data at their request, if it is not otherwise required to be retained by law or for legitimate business purposes“. It goes on to say that immediate deletion of user data is not always practicable due to the way the Google archiving system operates, but that Google has processes in place to remove user data from active serving systems within a reasonable period of time after a user asks it to close his or her Google Account.

(Photo by Robert Scobie and licensed under a CC-BY 2.0 (Generic) licence.)

Leave a Reply

If you'd like to get to know us or discuss something over coffee, drop us a line.