Google Seeks Dialog on Traffic Data Retention Issues
CAMBRIDGE, U.K. -- Google’s goal of making all the world’s information accessible raises major privacy issues, Privacy Counsel-Europe Peter Fleischer said here Wed. The search giant is moving to relieve user discomfort with new offerings such as Google Earth, he said at the Privacy Laws & Business conference. It’s also backing change to U.S. privacy laws and entering the debate over national adoption of EU Internet data traffic retention rules.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Google is addressing privacy concerns in several ways, Fleischer said. Its products alert users to their privacy impact in a “googley” style -- defined as “be serious without a suit” -- telling them to read material with care because “it’s not the usual yada yada.” Data collection is transparent; individual search histories detail what data are being gathered and users have the option to remove items from the history.
Google privacy policies are easy to read, using a layered format that includes a simple one-page summary of the high points with links to the complete document and product information, Fleischer said. The company requires its partners to respect privacy as well, he said. Google Analytics, for example, provides 3rd-party websites with detailed, anonymous statistical reports on how visitors interact with sites. Users of the Analytics software must have privacy policies in place and disclose that the site uses a cookie to gather the anonymous traffic data, he said.
Google also explains its new services to users, said Fleischer. When it rolled out, Gmail prompted privacy fears over use of “contextual” ads based on key words in e-mails, he said. Those worries receded as users learned: (1) Gmail is an automated software; no humans read messages. (2) The targeted ads are the same as those found in Google searches. (3) The software resembles that used for virus-scanning and spam-filtering. (4) The ads are real-time, and no record is kept.
Another way to alleviate concerns is for companies to think about new services’ privacy implications, Fleischer said. Today’s text-based search is moving toward a multi- media approach, with images and sound searchable. Google Earth -- already a font of privacy complaints -- eventually will be able to identify individuals, raising the question of what to do about someone shown leaving a mental health clinic who objects to having his image available online, he said. Google is considering a notice/take-down procedure, Fleischer said.
“Resist excessive govt. requests for access to data,” Fleischer urged colleagues. Google was able to challenge a Justice Dept. subpoena for billions of URLs and 2 months’ worth of search queries, he said (the company was ordered to produce 5,000 URLs and no search queries). Google and other communications services providers (CSPs) must juggle cooperating with govt. agencies while shielding user data, he said. In the Justice Dept. episode, the U.S. didn’t strike the proper balance, he said, but the federal court did.
When Google does turn over user information to a govt., it notifies users of the request unless a court orders it not to, Fleischer said. When it censors a particular topic -- as it did on its Chinese service -- it tells users the search results have been blocked, he said.
As Internet services shift to Web 2.0, with data residing on corporate servers rather than home PCs, the issue becomes how to let users continue to control their personal information, Fleischer said. New services will capture much more data and put more of it online, he said. Google’s Search Across Computers -- which lets users access documents across computers via a Google server -- is opt-in, and gives users clear warnings about how to delete their information, he said.
Privacy experts should work to update laws for Web 2.0, Fleischer said. Those laws should give users the same level of protection whether data are on home PCs or servers, he said. U.S. law is inconsistent, with data on user computers enjoying strong 4th Amendment protection while data on corporate servers has fewer safeguards under the Electronic Communications Privacy Act (ECPA). To end that anomaly, Google wants a federal consumer privacy law and an update to ECPA, Fleischer said.
Protecting data in the context of police activities is raising deep concern in Europe, Fleischer said. In addition, a “serious and pragmatic” discussion on communications traffic data retention is needed. As EU countries adopt the data retention directive into national law, Google will point out how data storage works across jurisdictions, and how the law could create conflicts among law enforcement regimes as well as between the EU and U.S., he said.
Among many questions data retention raises is how to define a CSP, Fleischer said. Google and ilk need to know the legal standard for responding to orders to produce user information, and who has power to request that information, he said.
The EU is considering harmonizing data protection rules in the law enforcement sphere, Fleischer said, calling that a good idea. If Google must hand over personal information trapped under data retention rules, it would be helpful to know how it’s being used, he said.