EU Questions Google Privacy Policy

An anonymous reader writes "The BBC is running a piece noting that the EU is scrutinizing Google's privacy policy this month. The company's policy of keeping search information on their servers for up to two years may be violating EU privacy laws. A data protection group that advises the European Union has written to the search giant to express concerns. The EU has a wide range of privacy protections that set limits to what information corporations may collect and what they may or may not do with it. In the US on the other hand privacy laws generally cover government actions while the business sector remains largely unregulated. Is it perhaps time to follow the European example and extend privacy laws to include corporations?"

That is just ignorant

[MonGuSE (798397)]

What you use or don't use is irrelevant as to what a company does with your data. Ever heard of information clearing houses? Basically huge databases set up just to collect individuals private data from everything the IRS, Criminal records, news reports, previous addresses, published papers, bank account info, credit accounts, investments everything. You can't keep companies from actively doing that without living completely off the grid.... Think about your statements next time.

A government concerned with it's citizens privacy?

[kungfujesus (969971)]

Wow! I now owe my friend 20 bucks! Damn, I never thought I'd lose that bet.

No.

[ScentCone (795499)]

Don't like a company's privacy policy? Don't patronize them. Don't like the lack of companies providing a particular service in a way that you DO like? You're probably not alone. Start one, using the money that you'll no doubt be able to attract, just like the Google guys were able to attract the money to start theirs. Think that some Evil US Corporation is operating on the internet in a way that you just can't stand? Unplug it from your country - your citizens surely won't mind.

Think "corporations" shou

Re:No.

[martin-boundary (547041)]

That's not so easy. If you have a friend who uses gmail, then whenever you send your friend an email, Google will keep *your* email for god knows how long. And they certainly didn't ask *you* about it. So your simplistic solution "don't patronize those kinds of companies" doesn't work.

Re:

[ScentCone (795499)]

If you have a friend who uses gmail, then whenever you send your friend an email, Google will keep *your* email for god knows how long. And they certainly didn't ask *you* about it. So your simplistic solution "don't patronize those kinds of companies" doesn't work.

Sure it does. Don't send e-mail to people who are supporting a business you don't trust. If you have actual, persuasive, sensible reasons to think that Google is Officially Evil, then you should have absolutely no trouble convincing an actual

Re:

[martin-boundary (547041)]

Uh, it's not like you can tell if they use google or not. Your friend might have a vanity email with redirection to his gmail account, or his ISP might use a google backend, etc.

Finally, if I say something in private to my friend, I don't see what business it is of Googles (or any other company) to snoop on what I'm saying. This has nothing to do with Google being Evil(TM) or not, it's just common sense. In fact, it would be silly to say that nearly everybody in the world is Evil(TM) just because I don't

Re:

[Liquid-Gecka (319494)]

So then tell your friend you won't email him at GMail. I am sorry, email is NOT something you can easily protect based on the very nature of how it is delivered and how much control there is at every point along its delivery route. Concerned about that? Encrypt your emails. Expecting email to be "private" is a joke. Its just like saying that your posts on a blog are private because you turn on some control lists.

Also, have you ever read Googles privacy policies? Its the only company that doesn't blanket st

Re:

[martin-boundary (547041)]

When I email a personal friend, I am not blogging on some random website, so I don't see how the two are supposed to be the same.

Also, have you ever read Googles privacy policies?

I don't need to read Google's privacy policy, since I'm not a gmail user. I'm not asking them for a service, they're the ones who insist on snooping on my words if I email a certain friend.

BTW, privacy policies don't protect customers over the long run. When a company wants to modify their policy, they phase it out with ol

Great idea in theory

[Infonaut (96956)]

Don't like a company's privacy policy? Don't patronize them.

This libertarian idea is wonderful in theory, but not so easy in practice. If all of the companies in a given market have economic incentives to make use of your private data, they will all err on the side of making more revenue, not protecting your privacy. In a publicly-owned company, the profit motive will always beat out any concerns that are considered secondary. Even where a company knows that privacy is important to users, they also know it is not *the* most important determining factor for customers. Therefore, even though it might be high on the list of customer concerns, all the companies in the market will still ignore it.

For an example of this in action, look at those obnoxious watermarks all American TV channels now display. Nobody likes it, but it's not enough of a detriment that people won't watch whatever ABC, CBS, NBC, et al, is showing. The fact that they all do it makes it impossible to show your displeasure by switching channels anyway.

Your example of the landscaping company records is a red herring. These sorts of customer service businesses only gather information related to the work they do for you, while search engines gather a much broader range of information. The fact that small service businesses get audited is irrelevant as well. Nothing in the audit records is going to provide anything beyond transaction dates and amounts. Generally speaking, Mom & Pop's Garden Service doesn't get routinely attacked by ambitious hacker networks, either.

I understand that you enjoy the benefits of companies using your personal information to provide better service. So do I. So do the vast majority of people. But I think it's a gross simplification to say that as a practical matter we really have much choice in the matter.

That goes both ways

[Rix (54095)]

Don't like a country's privacy laws? Don't do business there.

Re:

[CaptainZapp (182233)]

Don't like a company's privacy policy? Don't patronize them.

Don't like European laws? Don't do business there.

Interesting

[jeevesbond (1066726)]

So, due to privacy concerns, the EU dislikes Google storing data on its users, but forces ISPs to retain data for two years [slashdot.org]? Under the catch-all excuse of 'terrorism' no less.

In the US on the other hand privacy laws generally cover government actions while the business sector remains largely unregulated. Is it perhaps time to follow the European example and extend privacy laws to include corporations?

They could follow each others example: the EU could introduce laws to stop government snooping, whilst the US introduces laws to stop corporate snooping. Personally I find the EU government snooping worse than Google, at least Google is a product choice, government laws can't be worked around. Although the purchase of Double-click does make Google's tracking somewhat difficult to avoid when surfing around.

Failing that, just use Scroogle [scroogle.org] and/or Tor [eff.org] and/or an ad-blocker. :)

Re:

[martin-boundary (547041)]

Personally, I find the US policy worse. With government snooping, there is parliamentary oversight in principle and the ability to change laws later, which is a lot better than trusting greedy investors and holier than thou companies to not sell my data to third parties, like crazy marketers, credit reporting and insurance companies, or front companies for organized crime.

Politics aside, as a rule I think that whichever solution limits more the spreading around of my data is the solution I prefer, at leas

What about retention?

[McGiraf (196030)]

What about the other laws? The ones about data retention by the ISPs so governments can subpoena it when they want to? Emails, Proxy logs etc? no privacy concern there? sheesh ...

There is a big gap

[Anonymous Coward]

The governement is beholden to respect the privacy law, and justify (with a judge signed document) getting those ISP kept data. Sure you can argue that they can abuse the power, but this would then be illegal. On face value the governement also cannot resell your data to somebody else. On the other hand corporation can do whatever they want including reselling your data to the most shaddy part of the world. This is partially why there is a privacy law in the EU because it is recognized of the possible abuse

The EU? The European Union?

[Opportunist (166417)]

The same EU that requires its ISP to store every connection you make, complete with timestamp and endpoints involved, for at least 6 months, but for however long the governments in the member states deem appropriate? The same EU that wants this information to be easily accessable by everyone who has a "vested interest" to hunt down legal offenses? Without describing too closely what a "vested interest" could be or whether only other governments or even some private organisations can access that information at will.

We're talking about that EU, yes?

Re:The EU? The European Union?

[da_matta (854422)]

The important difference in this is that the data stored by ISP's is for law enforcement purposes and requires a court order for access. There are also very strict regulations about who/why/when can access and how to log that access. Google and other companies store and use data to make profit with very little regulation.

Re:Absolutely not.

[Frosty Piss (770223)]

Not everyone is a Libertarian. Some people are Socialists.

Re:Absolutely not.

[daeg (828071)]

While I generally concur, something at least needs to be done to simplify the legal system. There is no reason a privacy policy cannot be a short, concise, two sentences.

"[Company] collects information which you may wish to remain private. [Company] retains the information for up to 2 years, and information may be made available to outside vendors without your consent."

Almost everyone can understand that. It's still a high reading level (generally), but far simpler than the 8 page privacy policy most companies have.

Re:Absolutely not.

[VON-MAN (621853)]

Simplify the legal system? Are you totally mad?

Nobody is better of with simpler laws! Not big business, not politicians and not the lawyers. Just imagine, someone from the general public reads your policy or the law, and really understands it. Do you understand the potential dangers there?

No, simpler laws is in nobodies interest. At least not somebody who has something to say about it.

Re:Absolutely not.

[AuMatar (183847)]

No, it isn't my job and it shouldn't be. I have a *right* to privacy. Corporations have no right to keep, much less distribute, most of the information they store.

Re:

[TodMinuit (1026042)]

The right to privacy is the right to be free from outside intrusions into your personal matters. Willingly giving up private data by, say, searching the Internet is in no way a violation of your right to privacy.

Re:Absolutely not.

[dwater (72834)]

IMO, it's not at all obvious that the act of searching for something gives up an private data.

Re:

[sumdumass (711423)]

This is the Internet, it is the new century. If there was one thing we should have learned by now is that nothing is free. You have to assume the have something to gain by letting you use their services free of charge.

However, I'm not aware Google sells this information to anyone rather it does marketing research for it's advertising departments. Storing the search information to let them analyze the in for and turn an extra dollar from the advertising could mean the difference from paying a service fee to

Re:

[dwater (72834)]

Why should we trust google?

I prefer they just don't collect the information in the first place, though I'm not sure how we can be sure that they don't. They can still put up adverts, if they want.

In any case, I don't see any option for me to pay for a google service without adverts.

Re:

[sumdumass (711423)]

Why shouldn't we trust Google?

And why would you think they need an alternative to their current business model if you don't like it? Your option is to find another search engine or whatever you use Google for. When your hungry for steak, you don't necessarily goto a fish shack for dinner complaining you couldn't get steak, you goto a steak house instead.

Re:

[dwater (72834)]

Trouble is, we don't really know what Google does with this.

It's more like going to a steak restaurant only to find that they serve BSE.

Re:

[sumdumass (711423)]

As far as I know, this information can't directly link you personally. IT is IP addresses looking for X or Y. So even if they did do something with the information, it isn't likely you could gain much from it. Well, that is unless you goto goggle saying I have an IP and a court order, gimme everything on them. But then the courts have been involved and the only chances the government has to violate your privacy is when the courts are involved.

There might be more to it then just an IP. They might have a user

Re:Absolutely not.

[siddesu (698447)]

_willingly_ giving up privacy data is the key. willingly implies knowlingly. do you _know_ what kind of data google collects from all its services and how it uses it to track you? if you don't _know_, then you're not willingly giving up your privacy, you're being conned into giving up your data.

I for one want to know very much how are they using the data from the web stats service google provides. I see that everyone and their dog have the scripts, and while I agree to disclose some statistics to the sites that I'm visiting, I don't remember ever agreeing to disclose the same information to google.

Re:

[General Wesc (59919)]

_willingly_ giving up privacy data is the key. willingly implies knowlingly. do you _know_ what kind of data google collects from all its services and how it uses it to track you? if you don't _know_, then you're not willingly giving up your privacy, you're being conned into giving up your data.

I certainly know what information I'm giving them. What I don't know is how much they store and how effectively they piece it all together. Why do I need to know what Google is doing with my data? I gave them my d

Re:Absolutely not.

[siddesu (698447)]

Good for you. I certainly don't know what data they have about me, where are they getting it from, and how are they putting it together. I much rather have a legal mechanism that requires them to tell me what data they have about me if I ask, and enables me to have it removed, then not.

I used to live in a society in which detailed files on people were customarily kept, and used to make people behave. From my experience, allowing any company (or organization, for that matter) to have data files on people without any option of the people to control what's in those files and who's accessing them isn't the smart thing to do.

But to each their own.

Re:

[VJ42 (860241)]

I much rather have a legal mechanism that requires them to tell me what data they have about me if I ask, and enables me to have it removed, then not

Say what you like about privacy here in the UK, but we have the data protection act, which does exactly that (if I give them aproximate times and places, I can even make people trawl through CCTV footage and show me any pictures of me they have). And if I don't want info x to be on the database of company y, then I can tell them to remove it.

Re:

[hcmtnbiker (925661)]

Google should effectively has part ownership to everything you do on their servers. And therefore they have the right to what to do with it, if you don't like what they do don't share information with them, it's that simple.

Re:

[zzatz (965857)]

No, Google does not have the right to do whatever they like with everything on their servers, and neither does anyone else. You may have heard of copyrights, patents, and trademarks. Google has copyrighted information on their servers. The law gives them limited rights to use that information, but they need permission from the copyright holder to do other things with it.

A case can be made that I hold copyright to information about me, or a right to privacy which may work like copyright. That is, Google is f

Re:

[AuMatar (183847)]

Using a search engine is not willingly giving up my data. Unless you have a signed contract by me saying I give it up, I haven't given you permission to take any data from me.

And truthfully, I disagree even with your premise. Unless you have the ability to do the same transaction without giving up your data, it isn't a willing exchange but coercion.

Re:

[zzatz (965857)]

You've made an assertion without providing any supporting evidence, explanation, or argument. The only value such unsupported assertion holds is as a litmus test to demonstrate that you belong to a group with a certain idealogy. Why isn't it the government's job to play a role in protecting the right to privacy? Arguably, government's most important job is to protect the rights of all people, such as life, liberty, freedom of conscience, freedom to associate with whoever you choose, and so on.

Corporations c

Re:

[sumdumass (711423)]

The constitution describes the government's job or role in america. Along with the declaration of independence and such that led us into the country we are. I don't see anything in the constitution that says protecting people privacy from everyone else. Now state or local governments might have something but none that I'm familiar with.

Arguably, government's most important job is to protect the rights of all people, such as life, liberty, freedom of conscience, freedom to associate with whoever you choose,

Re:

[sumdumass (711423)]

Ok, I think maybe we are closer in agreement then I originally thought.

Law is made where rights collide and conflict. As often put, your right to swing your fist ends at my nose. In the US, privacy is a right, but one that is poorly defined and with unknown boundaries. I think that European laws provide good guidance, and would like to similar laws here. My image and voice cannot be used without my permission, outside of fair use exemptions. How is other personal information any different?

The courts have

Re:

[someone1234 (830754)]

Yeah, but your own government is run by private companies, so what do you do.

Re:

[h2g2bob (948006)]

The largest part of the data laws is this:
1. Tell people what data you are collecting from them
2. Keep the data you collect safe

This allows you to "look after your privacy", as you suggest.

Re:

[martin-boundary (547041)]

Utterly nonsensical. Privacy is like security, it's the job of the government to provide it to everybody, period.

Re:

[babbling (952366)]

I actually see the current state of things in the US as a loophole. As long as the government outsources their spying, they can go unregulated. They can subpoena companies at any time and gain access to any data that those companies have.

Re:

[jlarocco (851450)]

Why exactly they would want to keep and associate search records with individuals for two years or more seems an absolute mystery to me, and perhaps it's slightly creepy. But to my knowledge there's not a single instance of this data having been abused for blackmail, investigation for sedition, investigation for drug use, etc. All of these are clearly possibile, however.

<sarcasm>I agree 100%. We should wait for it to become a huge, entrenched problem first. Then, when this information is being lo

Re:

[Andrew Kismet (955764)]

As far as I can tell, they use the data to generate trend information, work on localisation, and generally find out where they need to focus the 80% of their 80/20 time.

As long as I know what data they're storing, I have no problem with them keeping my data for up to two years. Maybe I'll regret that two years from now, but it's very unlikely.

Re:

[siddesu (698447)]

How, pray tell, do you know what google uses this data for? Are you on their board or something? Unless you have no access to that kind of information, you don't know. There is still this case of American phone companies providing phone call data _willingly_ to the US government. Did you know about that before someone blew the whistle? And this happens in a country in which government abuse of private information is very much under control, compared to the rest of the world.

Don't be so naive, every large co

Re:

[wizardforce (1005805)]

do no evil just became do slightly less evil than otherwise.

that was meant in reference to google's earlier stance on google china where it was decided that refusing to cooperate with china's censorship of its people was not worth it. it was in fact voiced on slashdot on more than one occasion on slashdot that this wasnt very good thing for google to do it. it was not meant as a flame in any way shape or form, just a comment on google's history and how it reflects on the current topic.

Re:

[wizardforce (1005805)]

Are you saying we should violate Google's right to privacy on the notion that it is *possible* that there is a problem?

since when was my right not to be essentially spied on a violation of Google's privacy?

Re:

[sumdumass (711423)]

They are a corporation. In America a corporation is a substitute person and we have extended them most all of the rights persons have.

You can debate the right or wrongness of this. But until the laws and rules are changed, prepare to be disappointed a lot.

Re:

[sumdumass (711423)]

Hmm.. So a big collection of people don't have the same rights as a single person. Interesting.

Re:the obvious question:

[julesh (229690)]

Google is a US corporation. Of what concern are European privacy laws to it?

The concern is over the fact that they trade with people in the EU. US corporations that trade in the EU are required to follow EU laws; if they aren't, they may be fined by the EU (e.g. Microsoft), and if they do not pay their fines to the EU then they face having any of their property that is within the EU confiscated. This would include any money in transit from their European customers to them.