Google Seeks to Shift Privacy Spotlight from Online Ads
STANFORD, Calif. -- Google is trying to shift the U.S. online-privacy discussion - which has concentrated on the advertising that the company depends on -- toward specified risks to users, a company lobbyist indicated.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Government regulation focused on advertising could restrict service improvements and the exercise of First Amendment rights, said Pablo Chavez, Google senior policy counsel in Washington, speaking Monday at a Stanford Law School speaker series. He said it also raises the prospect of “a world of surfing by going through TSA gates” to verify the identities of those whose consent may become required to collect and keep information about them. Chavez said he was speaking only for himself.
Privacy should be balanced against other interests, Chavez said. An alternative would be aiming to control profiling by sexual or health status and access to user information by the government and parties to lawsuits, he said. “There have been very serious discussions” about seeking to tighten requirements such as the federal Electronic Communications Privacy Act provisions that allow law enforcement officials easy access by subpoena rather than warrant to e-mails stored on third-party servers longer than 180 days, Chavez said. He didn’t elaborate, saying “it may be premature to talk about” this “behind the scenes” activity.
HIPAA may provide a useful model for online tracking information, Chavez said. The federal health-information law calls for “reasonable efforts… a defensible way of anonymizing or saying you've disposed of information,” he said. In connection with electronic health records, Congress must decide to handle privacy under HIPAA or a “better, more adequate regulatory structure,” Chavez said. “It won’t be settled at the beginning of the 111th Congress,” he predicted.
Chavez cited several ways in which he said the U.S. privacy debate is askew. It “often gets a little removed from reality,” he said. He said more attention should be paid to what consumers think about privacy questions and to tailoring rules to cases where users are concretely harmed.
Chavez made much of variations in how privacy rules and concerns apply in the U.S. “There is a kind of fragmentation of policy regulation” by the government and by industries, he said. FTC action has called into question the structure of rules, Chavez said. Cable companies and common carriers don’t come under the commission’s authority, he said. State legislation is questionable, since “it’s a national if not global business,” Chavez said.
NebuAD targeting tests by ISPs “really seemed to capture the imagination of a lot of policymakers” as an issue and “lit this into a massive policy free-for-all,” Chavez said. ISPs, seeing themselves as singled out for criticism, broadened the discussion to including Google by contending that “what’s sauce for the goose is sauce for the gander,” he said.
A “structural problem” has kept Congress from resolving data security and privacy problems, Chavez said: “jurisdictional battles” between committees. Dealing with the Hill is also tricky because staffers have trouble explaining what interests they are concerned about protecting in dealing with privacy, he said.
The FTC’s Fair Information Practice Principles aren’t perfect, Chavez said. “Many people… think that these are incomplete,” he said. The principles don’t distinguish between pieces of information that can and can’t be readily linked to identified users, Chavez said.
Google has played up to the commission the use of in-ad notice, Chavez said -- offering users served a message a link to details on how information on them will be handled. Learning how consumers respond could give companies valuable marketing information itself, he said. “You can engage in a conversation with consumers instead of hiding information” on privacy practices.
Further technology innovations on privacy are coming from companies, Chavez said. Google recently started a privacy channel on YouTube, open to user comments, to provide plain-language explanations of concepts like cookies, he said. The company’s watchwords on privacy technology are “granularity and conversations with customers,” Chavez said.
European policy “has been a little bit of a challenge to companies like Google,” Chavez said. He said efforts to treat IP addresses as personally identifiable information are especially troublesome. The privacy risks are entirely different depending on whether the holder can match up addresses with information such as registration data, Chavez said. Metasearch engine Ixquick often has been held up as the “gold standard” on information retention, but since it “rides on” underlying engines like Google’s, it doesn’t need to worry about holding data to improve its service, he said.