EU Questions Google Privacy Policy

An anonymous reader writes "The BBC is running a piece noting that the EU is scrutinizing Google's privacy policy this month. The company's policy of keeping search information on their servers for up to two years may be violating EU privacy laws. A data protection group that advises the European Union has written to the search giant to express concerns. The EU has a wide range of privacy protections that set limits to what information corporations may collect and what they may or may not do with it. In the US on the other hand privacy laws generally cover government actions while the business sector remains largely unregulated. Is it perhaps time to follow the European example and extend privacy laws to include corporations?"

Re:Absolutely not.

[daeg]

While I generally concur, something at least needs to be done to simplify the legal system. There is no reason a privacy policy cannot be a short, concise, two sentences.

"[Company] collects information which you may wish to remain private. [Company] retains the information for up to 2 years, and information may be made available to outside vendors without your consent."

Almost everyone can understand that. It's still a high reading level (generally), but far simpler than the 8 page privacy policy most companies have.

Re:No.

[Liquid-Gecka]

So then tell your friend you won't email him at GMail. I am sorry, email is NOT something you can easily protect based on the very nature of how it is delivered and how much control there is at every point along its delivery route. Concerned about that? Encrypt your emails. Expecting email to be "private" is a joke. Its just like saying that your posts on a blog are private because you turn on some control lists.

Also, have you ever read Googles privacy policies? Its the only company that doesn't blanket state that they will change the privacy policy at any time without notice. They actually say that they will not reduce your rights if they change the policy. They also state that they will only use personal information for the intended purpose and if they decide to use it some other way they will get your consent.

Googles private Policy [google.com]

Re:That is just ignorant

[Raydome777]

The United Kingdom has a law (Data Protection Act (1984)) whose main point is to prevent companies from building those sort of databases. If you hold personal data about an individual you are under a legal obligation to to allow access to that individual access to that data so that they can check it is accurate, guarentee its security and you have have a good story on the information's relavance.

Obviously, this was all put in place before the Internet so its all a bit pointless, but I guess where the BBC is coming from is that, to UK ears, googles policy of storing your search history feels contrary to the law.

Re:Absolutely not.

[sumdumass]

Ok, I think maybe we are closer in agreement then I originally thought.

Law is made where rights collide and conflict. As often put, your right to swing your fist ends at my nose. In the US, privacy is a right, but one that is poorly defined and with unknown boundaries. I think that European laws provide good guidance, and would like to similar laws here. My image and voice cannot be used without my permission, outside of fair use exemptions. How is other personal information any different?

The courts have always held privacy is an expectation and to some degree you have to maintain that expectation. Changing into a bathing suit inside a change booth give you an expectation of privacy, changing on the beach in front of everyone doesn't. If I video tape that act and show it to people, I have only infringed on your privacy in one instance.

Similarly, you have some expectation of privacy in your own home, a bathroom/restroom and so on. To complicate things, there are situation were there is an illusion of privacy but there isn't actually one. A bank ATM location might be one were cameras watch you but your somewhat dislocated from others viewing you. The problem is when you involve other people or do something in places were you no longer have that expectation. Imagine that you told me in a private conversation that you though some girl was hot and wanted to get to know her better even though you and her were married. I am now privilege to this information because you told me. If I tell your wife, or her husband, I am not violating your privacy at all. Even If I tell her. Well, that is unless there is an agreement before you tell me and I agree not to tell anyone else.

When dealing with companies, Especially on the Internet were you have that illusion of privacy, you have effectively told them the same thing you told me, except for the information might have changed. They then take this information and do something with it. Some companies toss it out, some write it down and attempt to sell you sex aids, and some might sell this information to others who would want to sell you something. But when you involved them, you more or less gave them privilege to that information.

I don't disagree that some of the information should be held to a higher standard then "i have the hots for her" would have. Items like bank account numbers, credit services, personal finance or personal health information and such should be limited in every way. I think for the most part they are. But searching for ways to kill your wife, how to beat a speeding ticket, most romantic flowers and such are on a different level. Same with you purchasing a gallon of milk, a six pack of condoms and a spatula. But it is these personal numbers that you assume is private information because they link your banking or medical records, state identification, social security numbers and such that are a concern already have laws on their use. These have a larger potential of damaging you if placed in the wrong hands. But the fact is, when you deal with someone else, unless there is a law already involved or some agreement in place(privacy policy), you have handed over this information willingly to these people and it is really no different then you telling me which girl turns you on. You wouldn't expect hippa laws to save your medical privacy if you told every ugly girl in the bar that you have some STD to get them away from you.

I can understand concerns and fears about certain information. You are told to keep that private from the moment you get it. What I don't understand is essentially going to a ball game that will be televised and then complaining your picture was on TV when the camera pans the audience. There is no expectation of privacy there. But if the when certain private information is "required" to do business or participate in an otherwise public activity, the stuff you expect to be private should need your permission to be used in a way other then you expressly agreed to. Google has a privacy policy link on their main page, when using their services, you are essentially agreeing to those terms. Unfortunately, if your using firefox or possibly other browsers, the policy link is missing on the default start page.

Re:Absolutely not.

[Anonymous Coward]

You are wrong. Whether someone gives Equifax/Experian/Transunion the false information is irrelevant. The CRAs should be responsible for their statements - the same as anyone else. Under the "Fair Credit Reporting Act" it is only the attorney generals that can sue for providing false information. If you, as an individual, provide false, third-party information are you sheltered from all but an attorney general because you have some bogus "process to challenge"? Of course not. These corporation have an unreasonable layer of protection.

If I want to prevent others from opening credit in my name, I need a criminal report - more or less (in my state, at least) - showing why this is necessary. So they maintain a situation in which I am responsible for fixing mistakes and I am NOT allowed to add extra security to prevent taking credit out in my name (beyond name/address/soc.sec/birthdate/etc.). It is only the extra laws passed in their favor that allow them to get away with this level of asshattery.