EU Questions Google Privacy Policy

An anonymous reader writes "The BBC is running a piece noting that the EU is scrutinizing Google's privacy policy this month. The company's policy of keeping search information on their servers for up to two years may be violating EU privacy laws. A data protection group that advises the European Union has written to the search giant to express concerns. The EU has a wide range of privacy protections that set limits to what information corporations may collect and what they may or may not do with it. In the US on the other hand privacy laws generally cover government actions while the business sector remains largely unregulated. Is it perhaps time to follow the European example and extend privacy laws to include corporations?"

Absolutely not.

[TodMinuit]

Is it perhaps time to follow the European example and extend privacy laws to include corporations?

No. Don't like it, don't use it. It's your job to look after your privacy, not the Governments.

Re:Absolutely not.

[Frosty Piss]

Not everyone is a Libertarian. Some people are Socialists.

That is just ignorant

[MonGuSE]

What you use or don't use is irrelevant as to what a company does with your data. Ever heard of information clearing houses? Basically huge databases set up just to collect individuals private data from everything the IRS, Criminal records, news reports, previous addresses, published papers, bank account info, credit accounts, investments everything. You can't keep companies from actively doing that without living completely off the grid.... Think about your statements next time.

Re:Absolutely not.

[AuMatar]

No, it isn't my job and it shouldn't be. I have a *right* to privacy. Corporations have no right to keep, much less distribute, most of the information they store.

Re:Absolutely not.

[TodMinuit]

The right to privacy is the right to be free from outside intrusions into your personal matters. Willingly giving up private data by, say, searching the Internet is in no way a violation of your right to privacy.

Re:Where's the victim?

[instagib]

retaining information about the search habits of users seems to have hurt no one

I agree that Google themselves are not a "risk" - they use the data for ad targeting. But what if they are forced to reveal data, or get hacked, or just make a mistake?

The data they have from searches can be as complete as who searched when what, and clicked which result. Certain types of lawyers can create major problems for someone out of a data set like this.

Re:Absolutely not.

[dwater]

IMO, it's not at all obvious that the act of searching for something gives up an private data.

Re:Absolutely not.

[siddesu]

_willingly_ giving up privacy data is the key. willingly implies knowlingly. do you _know_ what kind of data google collects from all its services and how it uses it to track you? if you don't _know_, then you're not willingly giving up your privacy, you're being conned into giving up your data.

I for one want to know very much how are they using the data from the web stats service google provides. I see that everyone and their dog have the scripts, and while I agree to disclose some statistics to the sites that I'm visiting, I don't remember ever agreeing to disclose the same information to google.

Re:Absolutely not.

[hcmtnbiker]

Google should effectively has part ownership to everything you do on their servers. And therefore they have the right to what to do with it, if you don't like what they do don't share information with them, it's that simple.

Re:Absolutely not.

[zzatz]

You've made an assertion without providing any supporting evidence, explanation, or argument. The only value such unsupported assertion holds is as a litmus test to demonstrate that you belong to a group with a certain idealogy. Why isn't it the government's job to play a role in protecting the right to privacy? Arguably, government's most important job is to protect the rights of all people, such as life, liberty, freedom of conscience, freedom to associate with whoever you choose, and so on.

Corporations cannot and do not exist outside of laws created by governments. Corporations are not natural persons with inherent rights. It is government that provides the legal framework that limits the liability of the shareholders in a corporation, provides corporations with the ability to own property, and provides corporations any existence as a legal entities at all. The limits on the owner's liability are balanced with limits on the powers of the corporation. There is every reason for government to define and limit what corporations may and may not do.

The Founding Fathers of the US were familiar with the ways in which governments could abuse power, so they found ways to limit and control that power. But in today's world, corporations often hold as much or more power over our lives, and it is worth considering applying the same sort of checks and balances to corporations. The Constitution of the US flat-out prohibits the Federal Government from some areas, and perhaps the same thing needs to be done with corporations.

No.

[ScentCone]

Don't like a company's privacy policy? Don't patronize them. Don't like the lack of companies providing a particular service in a way that you DO like? You're probably not alone. Start one, using the money that you'll no doubt be able to attract, just like the Google guys were able to attract the money to start theirs. Think that some Evil US Corporation is operating on the internet in a way that you just can't stand? Unplug it from your country - your citizens surely won't mind.

Think "corporations" shouldn't retain data about their customers? What? How about when two guys incorporate to form a landscaping company. Or a flower shop specializing in deliveries to business clients. Or an IT service shop. Never mind their obligation to keep all sorts of records in case they get audited seven years after a transaction - what about the degree to which retaining detailed information about their customers is the very thing that allows them to be valuable to those customers? If the customers would rather get less service in exchange for more privacy, they can shop for vendors and service providers that have to ask them the same questions every time the interact so they'll... feel better? Personally, I like the fact that the franchise that changes my vehicle's engine fluids is already pulling up my service record when they see my license plate roll into their queue lane.

Interesting

[jeevesbond]

So, due to privacy concerns, the EU dislikes Google storing data on its users, but forces ISPs to retain data for two years [slashdot.org]? Under the catch-all excuse of 'terrorism' no less.

In the US on the other hand privacy laws generally cover government actions while the business sector remains largely unregulated. Is it perhaps time to follow the European example and extend privacy laws to include corporations?

They could follow each others example: the EU could introduce laws to stop government snooping, whilst the US introduces laws to stop corporate snooping. Personally I find the EU government snooping worse than Google, at least Google is a product choice, government laws can't be worked around. Although the purchase of Double-click does make Google's tracking somewhat difficult to avoid when surfing around.

Failing that, just use Scroogle [scroogle.org] and/or Tor [eff.org] and/or an ad-blocker. :)

Re:Absolutely not.

[zzatz]

No, Google does not have the right to do whatever they like with everything on their servers, and neither does anyone else. You may have heard of copyrights, patents, and trademarks. Google has copyrighted information on their servers. The law gives them limited rights to use that information, but they need permission from the copyright holder to do other things with it.

A case can be made that I hold copyright to information about me, or a right to privacy which may work like copyright. That is, Google is free to use any personal information which I provide them for internal use, but that they need my permission to distribute it to anyone else.

I'm not worried about first-hand information collection. It's the sharing and selling, and absense of responsibility for accuracy, that poses the potential for abuse.

What about retention?

[McGiraf]

What about the other laws? The ones about data retention by the ISPs so governments can subpoena it when they want to? Emails, Proxy logs etc? no privacy concern there? sheesh ...

Re:Absolutely not.

[h2g2bob]

The largest part of the data laws is this:
1. Tell people what data you are collecting from them
2. Keep the data you collect safe

This allows you to "look after your privacy", as you suggest.

Re:No.

[martin-boundary]

That's not so easy. If you have a friend who uses gmail, then whenever you send your friend an email, Google will keep *your* email for god knows how long. And they certainly didn't ask *you* about it. So your simplistic solution "don't patronize those kinds of companies" doesn't work.

Re:Absolutely not.

[Anonymous Coward]

Arguably, government's most important job is to protect the rights of all people, such as life, liberty, freedom of conscience, freedom to associate with whoever you choose, and so on.

A limited government, in general, does not define specific rights that the people have and that the government must protect. It assumes that the people have all of those rights except those they have given to the government. The government does not give you the right to life, liberty, and the pursuit of happiness. You have given the government parts of those rights as necessary to operate the state. If you haven't delegated a right to the government, then it is yours by default.

The Founding Fathers were smart enough to write the Constitution so that the government had no part in protecting rights. It always annoys me when somebody spouts off that protecting rights is the most important job of the government. While the government today does that to a small degree, it was not designed for that purpose and it is far from its most important job (hint: read the Preamble). When people talk about rights being protected by the Constitution, what they really mean is that the Constitution expressly prohibits the government from taking an action. This is far from *actively* protecting rights.

Re:google.cn

[Anonymous Coward]

Google, as a corporation, doesn't have privacy. Unless they're working on some classified government projects, the only "privacy" they can have is spelled out in contracts with their employees. If some Google employee released all kinds of information about Google's inner-workings and financial information, the worst they could do is sue for breach of contract.

It just doesn't make sense for a corporation to have privacy because they're big collections of people working together. It's like saying "We should respect Chicago's privacy." WTF would that even mean?

Re:Absolutely not.

[General Wesc]

_willingly_ giving up privacy data is the key. willingly implies knowlingly. do you _know_ what kind of data google collects from all its services and how it uses it to track you? if you don't _know_, then you're not willingly giving up your privacy, you're being conned into giving up your data.

I certainly know what information I'm giving them. What I don't know is how much they store and how effectively they piece it all together. Why do I need to know what Google is doing with my data? I gave them my data, and so long as they don't violate an agreement I made with them, they aren't conning me.

Re:Interesting

[martin-boundary]

Personally, I find the US policy worse. With government snooping, there is parliamentary oversight in principle and the ability to change laws later, which is a lot better than trusting greedy investors and holier than thou companies to not sell my data to third parties, like crazy marketers, credit reporting and insurance companies, or front companies for organized crime.

Politics aside, as a rule I think that whichever solution limits more the spreading around of my data is the solution I prefer, at least while we wait for both the US and EU to fix their respective deficiencies.

The EU? The European Union?

[Opportunist]

The same EU that requires its ISP to store every connection you make, complete with timestamp and endpoints involved, for at least 6 months, but for however long the governments in the member states deem appropriate? The same EU that wants this information to be easily accessable by everyone who has a "vested interest" to hunt down legal offenses? Without describing too closely what a "vested interest" could be or whether only other governments or even some private organisations can access that information at will.

We're talking about that EU, yes?

Great idea in theory

[Infonaut]

Don't like a company's privacy policy? Don't patronize them.

This libertarian idea is wonderful in theory, but not so easy in practice. If all of the companies in a given market have economic incentives to make use of your private data, they will all err on the side of making more revenue, not protecting your privacy. In a publicly-owned company, the profit motive will always beat out any concerns that are considered secondary. Even where a company knows that privacy is important to users, they also know it is not *the* most important determining factor for customers. Therefore, even though it might be high on the list of customer concerns, all the companies in the market will still ignore it.

For an example of this in action, look at those obnoxious watermarks all American TV channels now display. Nobody likes it, but it's not enough of a detriment that people won't watch whatever ABC, CBS, NBC, et al, is showing. The fact that they all do it makes it impossible to show your displeasure by switching channels anyway.

Your example of the landscaping company records is a red herring. These sorts of customer service businesses only gather information related to the work they do for you, while search engines gather a much broader range of information. The fact that small service businesses get audited is irrelevant as well. Nothing in the audit records is going to provide anything beyond transaction dates and amounts. Generally speaking, Mom & Pop's Garden Service doesn't get routinely attacked by ambitious hacker networks, either.

I understand that you enjoy the benefits of companies using your personal information to provide better service. So do I. So do the vast majority of people. But I think it's a gross simplification to say that as a practical matter we really have much choice in the matter.

Re:No.

[martin-boundary]

Uh, it's not like you can tell if they use google or not. Your friend might have a vanity email with redirection to his gmail account, or his ISP might use a google backend, etc.

Finally, if I say something in private to my friend, I don't see what business it is of Googles (or any other company) to snoop on what I'm saying. This has nothing to do with Google being Evil(TM) or not, it's just common sense. In fact, it would be silly to say that nearly everybody in the world is Evil(TM) just because I don't want to share my private information with them.

But anyway, Google is certainly not doing anything FOR ME for FREE, since I don't use gmail myself. However, when I write an email to somebody who uses gmail, then Google is doing TO ME uncalled for things, like snooping on MY words, for FREE admittedly.

There is a big gap

[Anonymous Coward]

The governement is beholden to respect the privacy law, and justify (with a judge signed document) getting those ISP kept data. Sure you can argue that they can abuse the power, but this would then be illegal. On face value the governement also cannot resell your data to somebody else. On the other hand corporation can do whatever they want including reselling your data to the most shaddy part of the world. This is partially why there is a privacy law in the EU because it is recognized of the possible abuse of the corporate world (data rentention, and right of rectification).

I would rather give my data to the governement than to a corporation, especially seeing how quick they are to sell/whore it off. And don't think A SECOND that if the governement is asking politely anyway the corporation won't give all the data they have on you. Since you have next to no way to block the governement getting the data, then the only bit you can protect is refusing to give the data to corporation to begin with, OR to force them to reespect the privacy of the data.

And before you start spouting off something about free market, think that for some stuff you cannot really avoid local monopolies (health, electricity, water....). Meaning that either you live out of society or you are screwed with US policy.

Re:Absolutely not.

[siddesu]

Good for you. I certainly don't know what data they have about me, where are they getting it from, and how are they putting it together. I much rather have a legal mechanism that requires them to tell me what data they have about me if I ask, and enables me to have it removed, then not.

I used to live in a society in which detailed files on people were customarily kept, and used to make people behave. From my experience, allowing any company (or organization, for that matter) to have data files on people without any option of the people to control what's in those files and who's accessing them isn't the smart thing to do.

But to each their own.

Re:That is just ignorant

[harmlessdrudge]

Name ONE European govt that stores massive amounts of private information on people. You can't because there isn't one. There isn't a single govt. in Europe that has at its fingertips unified access to all of the information it holds about its citizens, just as the US doesn't. Do you usually invent such things? Credit reference agencies like Experian operate legally in Europe as do many other services that provide information about people. All operate subject to laws about what they can and cannot do. They are subject to much fewer restrictions in the US. Your comment "You think that the continent that spawned Imperialism, Fascism, and Communism would have learned not to trust the government by now." is sophomoric. You forget that these movements were popularly supported. One of their characteristics was idiotic characterisation of others followed by their oppression. Continents don't learn. People do, unless they uneducated, credulous, speak only one language, have never traveled outside their home country and perhaps, have a habit of just inventing what they want to believe. If which case they are people who would have no credible claim to say that would resist the next moron ideology. Furthermore, it is precisely the European experience of war that has driven the creation of the EU or "European Project" and EU wide standards, including EU directives on privacy. The Europeans have discovered that cooperation is a good basis for peace, justice and prosperity. Europe has learned some lessons the US has yet to learn.

Re:Absolutely not.

[VON-MAN]

Simplify the legal system? Are you totally mad?

Nobody is better of with simpler laws! Not big business, not politicians and not the lawyers. Just imagine, someone from the general public reads your policy or the law, and really understands it. Do you understand the potential dangers there?

No, simpler laws is in nobodies interest. At least not somebody who has something to say about it.

Re:Absolutely not.

[zzatz]

Perhaps I did express myself clearly. Rights are not entitlements. For example, you have a right to publish your thoughts, but you are not entitled to a printing press.

The basis of the Constitution is that people have inalienable rights, and it specifies one form of government derived from those rights. It enumerates certain rights, but in no way claims that the list of rights is exhaustive. Courts can and have held that other rights are inalienable and thus covered by the Constitution. These are not privileges granted by the government to the people, they are rights of the people. People are not given rights by the Constitution, they are born with inalienable rights.

Privacy has been ruled to be an inalienable right by the Supreme Court, even though it is not specifically listed in the Constitution. Of course, most of our familiar rights weren't listed in the original version. The First Amendment did not create the right to speak freely, we always had that right, it is inalienable. The First Amendment simply acknowledged it, similar to codifying common law into statute law. Some state constitutions, such as California's, do list privacy. Others don't. I'm convinced that privacy is an inalienable right.

Law is made where rights collide and conflict. As often put, your right to swing your fist ends at my nose. In the US, privacy is a right, but one that is poorly defined and with unknown boundaries. I think that European laws provide good guidance, and would like to similar laws here. My image and voice cannot be used without my permission, outside of fair use exemptions. How is other personal information any different?

Re:No.

[CaptainZapp]

Don't like a company's privacy policy? Don't patronize them.

Don't like European laws? Don't do business there.

Re:Absolutely not.

[LynnwoodRooster]

What if I ask for that information up-front, and the right to take a picture of you, and to use that information as I see fit? Because that's what is happening here with Google... They don't get your e-mail address unless you give it to them. They don't get ANY personal information unless you give it to them.