All posts in Privacy

Social Media and the Law seminar

Back in April of this year, Andrew Scott-Howman (specialist employment law barrister with Port Nicholson Chambers and co-author of Workface) and I delivered a New Zealand Law Society seminar series on Social Media and the Law.

We discussed three main topics: I discussed “your and your clients’ use of social media for business purposes: a lifecycle approach”, Andrew then discussed “employer and employee use of social media: an employment law perspective”, and I then discussed “third party use of social media against organisations and staff: legal and practical remedies” (also touching on “reform and the future” at the end). Read more…

Google privacy debate continues

Google implemented its revised Privacy Policy on 1 March as it indicated it would, but pressure to amend the policy continues.

Several days ago the EU’s Justice Commissioner apparently said that authorities had found that “transparency rules have not been applied” by Google and that the changes made are in breach of European law (see the BBC reports).

Japan’s trade and industrial ministry also warned that Google must follow Japan’s privacy law in implementing its new approach, and that Google needed to provide explanations to address users’ concerns (Computerworld UK).

And members of the US senate have asked the Federal Trade Commission to investigate whether the new policy breaches the company’s settlement over the Buzz social networking site (see Infosecurity magazine). Although a separate claim by a US based privacy group the Electronic Privacy Information Center, also filed with the Federal Trade Commission, about concerns over the privacy policy has been dismissed.

Locally, the Asia Pacific Privacy Authorities (APPA), which is the forum for the privacy authorities of New Zealand, Australia, Canada, Mexico, Hong Kong and South Korea, has written to Google chief executive Larry Page to raise concerns about the policy. APPA’s letter (which can be viewed here: APPA letter) indicates concerns that:

  • combining personal information from across different services has the potential to significantly impact on the privacy of individuals;
  • in condensing and simplifying the privacy policies, important details in the policies may have been lost; and
  • privacy tools such as the Dashboard and the Opt-out in the Ads Preference Manager are not readily accessible.

The response to APPA from Google’s Global Privacy Counsel (here if you would like to see it in full) indicates that the sharing of data across Google services is something Google has “already done for a long time for many of our products“ (and its previous privacy policies reflected that, as we mentioned in our previous blog post on the new policy). The letter also confirms that Google is not collecting any new or additional data about users under the new “up-dated” policy and that Google does not  sell users’ personally identifiable information.

The letter includes some interesting comments about deletion or removal of data, which continues to be an issue with many social networking tools. The letter states that Google makes ”good-faith efforts to provide our users with access to their personal information and to delete such data at their request, if it is not otherwise required to be retained by law or for legitimate business purposes“. It goes on to say that immediate deletion of user data is not always practicable due to the way the Google archiving system operates, but that Google has processes in place to remove user data from active serving systems within a reasonable period of time after a user asks it to close his or her Google Account.

(Photo by Robert Scobie and licensed under a CC-BY 2.0 (Generic) licence.)

Google announced last week that it is replacing its previous privacy policies, which differed across specific Google services, with one overall policy.

The new policy, available here, has come under criticism for allowing Google to share user data across its services (for instance, across services like Gmail and YouTube).

The pooling of information in this way, critics say, increases the attraction for advertisers, because adverts can be more targeted.

Microsoft has been particularly vocal in criticising the new policy, taking out full-page ads in several large American newspapers including Today, The Wall Street Journal and New York Times (

The new policy does include the ability for Google to share information across its services. For example:

We may combine the information you submit under your account with information from other Google services or third parties in order to provide you with a better experience and to improve the quality of our services.

But, Google’s privacy policy has not changed in relation to sharing user data across services. In fact the rights for Google to share information across services goes back to at least 2004. See the 2004 Google Privacy Policy.

It is also important to note that Google does not appear to provide personal information directly to advertisers. What its privacy policy says, on this issue, is that it “may share aggregated, non-personally identifiable information publicly and with our partners – like publishers, advertisers or connected sites“. Google has also said that its “computers scan messages to get rid of spam and malware, as well as show ads that are relevant to you”. That is quite different to providing individual and personally identifying user information to advertisers.

It’s of course important that users are aware of the privacy policies and the terms and conditions that apply to the services they are using. But in some ways this negative publicity is ironic. As a user and as a legal adviser, I welcome having one consolidated privacy policy to consider for the range of Google services (excluding Postini it should be noted), instead of trawling through a number of policies. Perhaps the media attention just reflects a growing awareness of the issues around privacy and the Internet. And awareness of those issues is a good thing.

(Photo by Robert Scobie and licensed under a CC-BY 2.0 (Generic) licence.)

If you'd like to get to know us or discuss something over coffee, drop us a line.