Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Google Businesses The Internet Privacy Government Your Rights Online Politics

Google Calls for International Privacy Standards 75

HairyNevus writes "The Washington Post has an article detailing Google's request for international privacy standards. Google is taking this matter all the way to the U.N., arguing that a hodge-podge of privacy law unnecessarily burdens Internet-based companies while also failing to protect consumers. Although Google is currently under investigation by the EU for its privacy practices, the company claims it has been a crusader for protecting consumer privacy. Google's privacy counsel Peter Fleischer called America's privacy laws 'too complex and too much of a patchwork,' and the European Union's laws 'too bureaucratic and inflexible.' The alternative? Something closer to the Asia-Pacific Economic Cooperation's framework which 'balances very carefully information privacy with business needs and commercial interests', according to Fleischer."
This discussion has been archived. No new comments can be posted.

Google Calls for International Privacy Standards

Comments Filter:
  • The problem with international standards for privacy is that some cultures have to give up the privacy rights, and right now, it is too early to attempt an international solution until we know locally what we want our rights to be.

    We Americans might decry European standards and European "bureacracy", but they are Europe's to define. Similarly, whatever consensus we come to about privacy in the USA is our consensus. Until Europeans and Americans nail down what their rights and standards are, it makes little sense to try and adopt an international framework.
    • by gravos ( 912628 )
      And perhaps just as importantly, what the penalties should be for companies who fail to respect those rights. I'm not sure we can seriously expect the same kind of penalties to apply internationally for crimes like "leaking SSNs" when SSNs don't even exist outside of the US.
      • Re: (Score:1, Informative)

        by Anonymous Coward
        There is many countries who have similar things. And they are even called either Social Security Numbers or Person Identification Numbers. As far as I know Finland has one. And Sweden, Norway, Denmark probably also Germany. It's just needed in modern society to have ability to identify the people distinctively. On the other hand at least in Finland the law is very strict what can be done with the people's information and what rights people have to their own info.
    • The problem with international standards for privacy is that some cultures have to give up the privacy rights

      Sorry, but I disagree. If you think carefully, I believe you'll realise there is another remarkably simple solution, and one that is almost certainly in the interests of private citizens everywhere at that. It's just not the solution Google wants.

      • by SnowZero ( 92219 )
        What, follow the union of laws from both countries, which could be self-contradictory and make doing any business at all impossible?

        We really do need to streamline privacy standards and make them more compatible across international boundaries. Ten years ago people were not concerned about a user in country A running an app on a server in country B which stores his personal data in country C, but today that's a reality. If the laws were similar enough, one could do that sort of thing without too many prob
        • What, follow the union of laws from both countries, which could be self-contradictory and make doing any business at all impossible?

          They could be contradictory. But realistically, it would be relatively easy to achieve harmony on the basis that the default position was everyone having privacy and no personal data collection being allowed without explicit consent, and then codifying some reasonable exceptions. Much bigger differences have been worked around when building international agreements in the past.

          The only realistic down-side to harmonising in this way is that a lot of companies whose business models are based on collecting

          • Re: (Score:3, Insightful)

            by SnowZero ( 92219 )

            They could be contradictory. But realistically, it would be relatively easy to achieve harmony on the basis that the default position was everyone having privacy and no personal data collection being allowed without explicit consent, and then codifying some reasonable exceptions.

            If its relatively easy, please explain how you would maintain SOX [wikipedia.org] or ISO 9001 [wikipedia.org] compliance while not keeping any personally identifiable records of your customers. It's way more difficult than you make it out to be. Also, the exceptions-only approach sounds like outlawing all international trade and then enabling it on a product-by-product basis; That seems to give the government way more control than they ought to have.

            • You're overstating the case by a large margin. For one thing, I didn't say you couldn't keep any personal data, I just said that was the only safe default and it is the reasonable exceptions that should be spelt out explicitly.

              For example, it would certainly be reasonable to codify a general exception that said businesses could store personal data necessary to administer a legitimate transaction with a customer, for as long as is necessary to conduct that transaction. However, it is not necessary for a bu

      • by tjstork ( 137384 )
        The thing is, you could have some universal "privacy" right... but, not all cultures agree with them. And, honestly, I'm not even sure, for myself, what rights to privacy people really have. I'm toying with the idea, in my head, that the internet would be better if it could be enforced that there were no anonymous messages at all, its just, I don't think it practically can....
        • I have long suggested that removing anonymity on the Internet might be a step forward. In practical terms, it offers little protection of free speech in the face of an oppressive government anyway, and supporting such speech is the major argument in favour of it. Meanwhile, all laws basically rely on being able to hold people accountable for their actions. If you allow effectively anonymous use of the Internet, then you allow anyone to break the law without responsibility. And thus we have everything from s

    • Google is feeling american privacy law harsh

      In my country, unless you sue Google, they force you to follow american laws, which seems the only one they spontaneously obey.

      Google have sales and development team here, they have servers and private network locally (which they don't say the purpose). Even both the offender and victim being local, when you ask something to Google, the only answer you get is:

      "We are US based, fill a DMCA form and send to us by regular mail (in the US) or fax it" and wait about a
    • Irony (Score:1, Interesting)

      by Anonymous Coward
      Google calling for privacy. GOOGLE!!! The guys who are keeping a huge data mine on anyone who uses their services...

      This is as funny as "Don't be evil"! Google just spews propaganda, and techies lap it up like good little doggies. And as long as they can entertain the masses with Microsoft execs throwing chairs and phony gestures to the FOSSie MS-hater community, they can keep growing that data mine bigger, and bigger, and bigger. Oh, and let's not forget about how much help they are giving to China's
    • and I don't think that Asia-Pacific Economic Cooperation's framework  is going to sit well with the us and european's cilliberties groups.

      still no problem about giving up theose pesky bloggers/journalists to the govenment when asked eh.
    • I wholeheartedly agree and disagree.

      Of course each country should rule here - however the problem is that we then get the trickle down effect.
      Just like in copyright where US extended copyright, then pressured the EU and they extended copyright the same thing has happened wrt privacy and will continue.

      Just like the doha WTO negotiation rounds where about who to take the blame (EU got the blame this time around) rather then to find a solution for free and fair trade.

      Case in point would be the human rights whi
    • Re: (Score:2, Insightful)

      Euro-American consensus is only the tip of the iceberg.

      There are governments that have misgivings about the WWW itself. Considering convenience issues for an American corporation may have an element of humor that we in the USA fail to appreciate.

      I think it is naive for Google to think that countries who can't reach a consensus on biological weapons or the disposal of hazardous waste will seriously consider this privacy request.

      Google wants all the data they can get-- and have profited handsomely from it. No
  • "Privacy" (Score:5, Insightful)

    by Scareduck ( 177470 ) on Saturday September 15, 2007 @04:29PM (#20619053) Homepage Journal
    will be defined as broadly (for Google, etc.) as possible. You won't recognize it after they're done, and you won't have any recourse because it's the "international standard" -- just like copyright restrictions.
    • international or not, for me, as a google search engine user, the term privacy will grow on me when google will clear up all the google cache. after that, it can start flirting with the media with claims of "international privacy standards, bla bla bla". just like a world order is just utopia, so is this. privacy standards depend on cultures, values, religion which vary in various countries. it's not just like a damn format that can be made into a standard.
  • by Via_Patrino ( 702161 ) on Saturday September 15, 2007 @04:30PM (#20619057)
    Privacy information can easily be bought from Google

    FTA: "To target their advertising, both Google, which specializes in text ads, (...) collect information on which sites users visit."

    As if it was just about visited sites, not about emails, searches, IMs, youTube, blogspot, orkut, user profile, ... anyway ...

    If you need data collected by Google just set up adwords for your needs (location, subject) redirecting to a brand new url. Where you can, for example, see if the redirected users have one of yours two-years-google-style cookie, and relate that cookie with profile data filled by users of your free-as-in-lunch services or with the e-mail addresses of webreaders of your crossite html embedded spam.

    Later you can bomb those people's email addresses with specialized phishing/scams/advertisement.

    And Google is still no evil, they just provide the circus which is distracting people from reality and hidden disclaimers.
    • by Anonymous Coward

      Privacy information can easily be bought from Google
      FTA: "To target their advertising, both Google, which specializes in text ads, (...) collect information on which sites users visit."

      Those two sentences have nothing to do with each other. My government collects a lot of taxes too, but that doesn't mean I can easily access the funds. If you've got evidence they sell it, show it. Otherwise stop FUDing. There's enough wrong today with user privacy that you don't have to make stuff up.

      As if it was just about visited sites, not about emails, searches, IMs, youTube, blogspot, orkut, user profile, ... anyway ...

      Yes, google has an assload of information, which can be a little scary. Then again, so does my bank, credit card company, and health insurance company. Medical privacy works pretty well because we have

    • I think this is where I chime in and say:

      I've created several email addreses for myself through my ISPs and keep them tightly focused on who gets them. Each company gets it's own email address.

      On my personal account after 2+ weeks of sending and receiving email only with friends with GMail accounts, I started to receive my first spam. This is after several month of spamlessness. Earlier emails were to the same people plus some with other accounts. I've never registered that email address with any compan
  • by Anonymous Coward on Saturday September 15, 2007 @04:32PM (#20619069)
    "If we can't index it, it's private... until we figure out how to index it."
  • I worry (Score:5, Insightful)

    by TubeSteak ( 669689 ) on Saturday September 15, 2007 @04:33PM (#20619079) Journal
    Whenever [Your Country] laws get harmonized with international laws, it's usually because the international laws are weaker.

    Google's privacy counsel Peter Fleischer called America's privacy laws 'too complex and too much of a patchwork,'
    Some states have laws that are stricter than Google would like

    the European Union's laws 'too bureaucratic and inflexible.'
    The entire EU has laws that are stricter than Google would like

    The alternative? Something closer to the Asia-Pacific Economic Cooperation's framework which 'balances very carefully information privacy with business needs and commercial interests', according to Fleischer."
    Ahhh... finally someone whose privacy laws are not as strict as everyone else. Lets harmonize all other laws with these.

    I won't go into the issues surrounding [Any Corporation] pushing for a change in not just national laws, but international laws. Suffice it to say that it isn't something I like.
    • by Tim C ( 15259 )
      Whenever [Your Country] laws get harmonized with international laws, it's usually because the international laws are weaker.

      Well in this particular case, I agree that that's what Google is pushing for. However, in my experience the opposite is generally true - see for example copyright laws.

      I think in the case of businesses pushing for harmonisation of laws it would be more generally true to say that push to harmonise in the direction that most benefits them. Hence the US and WTO pushing for companies to si
    • That's not really true, and it depends on what side you're on. For example, the US didn't grant copyright to works originating in foreign countries until it joined the Berne Convention in, I think, 1989. Then it did, and also extended copyright retroactively to foreign works through the URAA. Thus, through international law, if you're a "content owner," when the US adopted the international framework, the laws became stronger.

      On the other hand, the public's right to use the expressions as they wish became w
  • Trust (Score:2, Interesting)

    by J05H ( 5625 )
    Who do you trust more, Google or the government you live under? That is the root question.

    There have been many recent breeches of information security in government and corporate computers. (esp. banking/credit/health sectors) Does a company like Google, who's bread and butter is information, have a naturally more trustable position from the end-user's perspective? Is it possible for Google to create a firewall to protect users from all data intrusion?

    Google briefly had a market cap higher than Lockheed. Th
  • by YrWrstNtmr ( 564987 ) on Saturday September 15, 2007 @04:46PM (#20619197)
    Now we shall see the slow opening of what's been happening for years. Corporations telling governments what to do, and getting it. Google is no different than any other corp, except they are laying their cards out on the table for all to see.
    "Governments of the world...this is what we want you to do (because it will help our bottom line)", instead of the standard backroom deals.
  • So does anyone know what the Asia-Pacific Economic Cooperation's framework privacy laws look like?
    Anyone living in countries having these laws.
    A description like 'balances very carefully information privacy with business needs and commercial interests' says pretty much nothing especially from someone who has a major interest in describing things in a positive way.
    Can anyone tell me what the actual differences are between these laws and for example a specific EU country (as far as I know the laws differ pret
    • The laws do differ in Europe, but even the least common denominator is considerably stronger than what the US has. (Obligatory Wikipedia citation for background [wikipedia.org])

      The problem with this whole debate is that it is often presupposed that supporting commercial interests is a good enough reason to allow the arbitrary collection of personal data in the first place, and the question asked is only to what extent this should be regulated. I submit that by the time you get that far, you've already made an irrecoverab

  • So basically what Google wants is for decision about laws to be further and further removed from small communities, and instead moved to national, and ultimately international, bodies.

    When this happens, individual voters rightly believe that they've lost a meaningful say in the laws that govern them.

    Corporate profits are not a good reason for us to give up our freedom of self-legislation.
    • Comment removed (Score:4, Insightful)

      by account_deleted ( 4530225 ) on Saturday September 15, 2007 @08:01PM (#20620799)
      Comment removed based on user account deletion
      • Re: (Score:3, Interesting)

        by TubeSteak ( 669689 )

        What Google wants is a standard they can apply universally rather than having to worry about breaking the law when someone in a very privacy-protective country accesses a system designed for a region with less-stringent requirements.

        This is obvious, and people are overreacting.

        No shit it's obvious, which is exactly why people are "overreacting".

        Here are the only possible scenarios:
        A) International standards are made consistent with the countries that have the highest levels of privacy protection
        B) International standards are made consistent with the countries that have the lowest levels of privacy protection
        C) International standards are set somewhere between A & B

        Now whatever answer you pick, countries are going to get screwed:
        A) Low standard countries have to pay lots of m

      • When you have an international standard, everything you need to do is clear and straightforward

        We know that because it's written in ISO Standard Document 42332/J, Chapter 6, subsection 3, paragraph 2.

        Easy setups aside, so what if it's clear and straightforward? If the standard says "bend over" that's very clear and straightforward. If the standard says "everybody has to do things the same way", that's very clear and straightforward.

        So, Google, you want it easy. Well, sorry Google, that's Sloth.

  • Be careful what you wish for.

    You might get it.
  • pot calls for black kettle!
  • by mmcuh ( 1088773 ) on Saturday September 15, 2007 @05:15PM (#20619405)
    If Google, a company whose main business model is to know everything about everyone, thinks that the European privacy laws are 'too bureaucratic and inflexible', the EU commission and the European parliament must be doing something right.
  • The EU regulations (which are implemented as law by the individual member states, and hence there are variations) for the most part a) define what is "personal information", b) require companies to delete personal information they collect that they don't have a genuine business need for (i.e. keeping financial records is a genuine business need - keeping your e-mail folders around after you've closed your e-mail account is not), c) require companies to track where they got someones personal information to a
    • AFIAK, even in Europe you still do not have the rights to demand that a company delete personal data about you or to prevent them from collecting it in the first place. You only have the right to see (for a fee) what they're holding about you, and to require them to correct it if it's wrong. Some countries impose more restrictions than this, but they're not universal. This is a major part of the privacy problem, IMHO.

      • That's certainly not true in Slovenia (which is a part of EU). As a company you have a right to collect only data that you actually need and get to keep parts that you need for as long as you have to and not any longer.

        You certainly have to delete personal data when request by owner in reasonable amount of time unless you have legal obligations to keep it.
  • Similar, but not identical to what someone said above:

    The problem with setting "International Standards" is that United States standards that have worked quite well tend to get watered down.

    This has happened at least twice before, when copyrights and patent standards were "internationalized" to better match European standards. Neither of them now work anywhere near as well as they used to, before our government messed with them.

    If it ain't broke, don't fix it. And I am goddamned tired of our "repre
  • What the hell.. (Score:2, Insightful)

    by Anonymous Coward
    Commercial interest should have nothing to do with my right to privacy. NOTHING.
    • by dshk ( 838175 )
      The problem is that the laws of two countries are different but you can be the subject of both laws. And the laws may contradict. I talked with a friend today, he is a lawyer, and he said that you can be arrested in the USA if you don't comply with the USA law (assuming that you travel to there), on the other hand if you do comply then you will be punished in your own country. One of their clients were in such a situation recently, and I was also in a similar situation this week. This was a friendly convers
  • by Wonderkid ( 541329 ) on Saturday September 15, 2007 @06:37PM (#20620075) Homepage
    If the owners of a business don't posess enough common sense and concept of decency to protect their users, then they don't deserve and should not be permitted to run the business - no matter their corporate might! As posted on our news page [owonder.com], all that is required is that web portals finally start putting the well being of their users ahead of their shareholders because the silent majority of people will soon tire of being fodder for generally worthless 'advertising' that often relies upon breaches of our most sacred asset. And another point, with all the amazing technology and intellectual capital out there, isn't it about time that the industry begins to devise alternative methods with which to monotise their services? Thinking never hurt anyone. /Rant over. Let the common sense begin!
  • If Google is sick of having to tighten up their privacy policy for every local government that's stricter then their current policy, there's an easy solution. Find the state/country with the strictest privacy laws and make that your universal policy. I imagine the amount of places you'd have to modify it for local laws (such as laws that require you to retain data longer then your new policy says) will be significantly less and it will make for greater privacy for users all around.
  • Yes, folks, because that's where you go when you REALLY just HAVE to get it DONE!

Avoid strange women and temporary variables.

Working...