EU Questions Google Privacy Policy

An anonymous reader writes "The BBC is running a piece noting that the EU is scrutinizing Google's privacy policy this month. The company's policy of keeping search information on their servers for up to two years may be violating EU privacy laws. A data protection group that advises the European Union has written to the search giant to express concerns. The EU has a wide range of privacy protections that set limits to what information corporations may collect and what they may or may not do with it. In the US on the other hand privacy laws generally cover government actions while the business sector remains largely unregulated. Is it perhaps time to follow the European example and extend privacy laws to include corporations?"

Absolutely not.

Is it perhaps time to follow the European example and extend privacy laws to include corporations?

No. Don't like it, don't use it. It's your job to look after your privacy, not the Governments.

Re:Absolutely not.

Not everyone is a Libertarian. Some people are Socialists.

Re:Absolutely not.

While I generally concur, something at least needs to be done to simplify the legal system. There is no reason a privacy policy cannot be a short, concise, two sentences.

"[Company] collects information which you may wish to remain private. [Company] retains the information for up to 2 years, and information may be made available to outside vendors without your consent."

Almost everyone can understand that. It's still a high reading level (generally), but far simpler than the 8 page privacy policy most companies have.

Re:Absolutely not.

Simplify the legal system? Are you totally mad?

Nobody is better of with simpler laws! Not big business, not politicians and not the lawyers. Just imagine, someone from the general public reads your policy or the law, and really understands it. Do you understand the potential dangers there?

No, simpler laws is in nobodies interest. At least not somebody who has something to say about it.

Re:Absolutely not.

No, it isn't my job and it shouldn't be. I have a *right* to privacy. Corporations have no right to keep, much less distribute, most of the information they store.

Re:Absolutely not.

IMO, it's not at all obvious that the act of searching for something gives up an private data.

Re:Absolutely not.

_willingly_ giving up privacy data is the key. willingly implies knowlingly. do you _know_ what kind of data google collects from all its services and how it uses it to track you? if you don't _know_, then you're not willingly giving up your privacy, you're being conned into giving up your data.

I for one want to know very much how are they using the data from the web stats service google provides. I see that everyone and their dog have the scripts, and while I agree to disclose some statistics to the sites that I'm visiting, I don't remember ever agreeing to disclose the same information to google.

Re:Absolutely not.

Good for you. I certainly don't know what data they have about me, where are they getting it from, and how are they putting it together. I much rather have a legal mechanism that requires them to tell me what data they have about me if I ask, and enables me to have it removed, then not.

I used to live in a society in which detailed files on people were customarily kept, and used to make people behave. From my experience, allowing any company (or organization, for that matter) to have data files on people without any option of the people to control what's in those files and who's accessing them isn't the smart thing to do.

But to each their own.

That is just ignorant

What you use or don't use is irrelevant as to what a company does with your data. Ever heard of information clearing houses? Basically huge databases set up just to collect individuals private data from everything the IRS, Criminal records, news reports, previous addresses, published papers, bank account info, credit accounts, investments everything. You can't keep companies from actively doing that without living completely off the grid.... Think about your statements next time.

A government concerned with it's citizens privacy?

Wow! I now owe my friend 20 bucks! Damn, I never thought I'd lose that bet.

Where's the victim?

In the case of Google in particular, their retaining information about the search habits of users seems to have hurt no one.

Why exactly they would want to keep and associate search records with individuals for two years or more seems an absolute mystery to me, and perhaps it's slightly creepy. But to my knowledge there's not a single instance of this data having been abused for blackmail, investigation for sedition, investigation for drug use, etc. All of these are clearly possibile, however.

This whole question makes you aware of what a new medium the internet is. Should the content of a Google search be considered public or private information? My inclination is to consider it public. If people want a privacy friendly search engine, let them pay for one.

At any rate, as all this is evolving, why not give Google the benefit of the doubt. I say wait and see if there's actually a problem.

google.cn

google probably uses the search associations for ads or something- but at the rate that people use tor, cookie cullers etc. it seems to be a mute point.

At any rate, as all this is evolving, why not give Google the benefit of the doubt. I say wait and see if there's actually a problem.

they need to be watched just like any other company- just because their motto is do no evil [google.cn] doesnt mean they need to abide by that. especially if their laast stockholder vote says anything - do no evil just became do slightly less evil than otherwise.

Information Requests In Alberta

I am from Alberta. I we can take them Google up on a "Personal Information Protection Act" (PIPA) request to see what they are collecting on me and who they are sharing this with (my searches etc)... Google has to share all personal information they collect on me if they intend to use it or not(subject to a possible fee so I want to know what they charge for it first... and there is a complain process). Anyhow if you have paranoid concerns you can get some people to make some requests here in Alberta. I think having Google disclose information they are collecting here may be of interest to the people involved in this action. http://www.oipc.ab.ca/pipa/about.cfm [oipc.ab.ca]

No.

Don't like a company's privacy policy? Don't patronize them. Don't like the lack of companies providing a particular service in a way that you DO like? You're probably not alone. Start one, using the money that you'll no doubt be able to attract, just like the Google guys were able to attract the money to start theirs. Think that some Evil US Corporation is operating on the internet in a way that you just can't stand? Unplug it from your country - your citizens surely won't mind.

Think "corporations" shouldn't retain data about their customers? What? How about when two guys incorporate to form a landscaping company. Or a flower shop specializing in deliveries to business clients. Or an IT service shop. Never mind their obligation to keep all sorts of records in case they get audited seven years after a transaction - what about the degree to which retaining detailed information about their customers is the very thing that allows them to be valuable to those customers? If the customers would rather get less service in exchange for more privacy, they can shop for vendors and service providers that have to ask them the same questions every time the interact so they'll... feel better? Personally, I like the fact that the franchise that changes my vehicle's engine fluids is already pulling up my service record when they see my license plate roll into their queue lane.

Re:No.

That's not so easy. If you have a friend who uses gmail, then whenever you send your friend an email, Google will keep *your* email for god knows how long. And they certainly didn't ask *you* about it. So your simplistic solution "don't patronize those kinds of companies" doesn't work.

Great idea in theory

Don't like a company's privacy policy? Don't patronize them.

This libertarian idea is wonderful in theory, but not so easy in practice. If all of the companies in a given market have economic incentives to make use of your private data, they will all err on the side of making more revenue, not protecting your privacy. In a publicly-owned company, the profit motive will always beat out any concerns that are considered secondary. Even where a company knows that privacy is important to users, they also know it is not *the* most important determining factor for customers. Therefore, even though it might be high on the list of customer concerns, all the companies in the market will still ignore it.

For an example of this in action, look at those obnoxious watermarks all American TV channels now display. Nobody likes it, but it's not enough of a detriment that people won't watch whatever ABC, CBS, NBC, et al, is showing. The fact that they all do it makes it impossible to show your displeasure by switching channels anyway.

Your example of the landscaping company records is a red herring. These sorts of customer service businesses only gather information related to the work they do for you, while search engines gather a much broader range of information. The fact that small service businesses get audited is irrelevant as well. Nothing in the audit records is going to provide anything beyond transaction dates and amounts. Generally speaking, Mom & Pop's Garden Service doesn't get routinely attacked by ambitious hacker networks, either.

I understand that you enjoy the benefits of companies using your personal information to provide better service. So do I. So do the vast majority of people. But I think it's a gross simplification to say that as a practical matter we really have much choice in the matter.

Interesting

So, due to privacy concerns, the EU dislikes Google storing data on its users, but forces ISPs to retain data for two years [slashdot.org]? Under the catch-all excuse of 'terrorism' no less.

In the US on the other hand privacy laws generally cover government actions while the business sector remains largely unregulated. Is it perhaps time to follow the European example and extend privacy laws to include corporations?

They could follow each others example: the EU could introduce laws to stop government snooping, whilst the US introduces laws to stop corporate snooping. Personally I find the EU government snooping worse than Google, at least Google is a product choice, government laws can't be worked around. Although the purchase of Double-click does make Google's tracking somewhat difficult to avoid when surfing around.

Failing that, just use Scroogle [scroogle.org] and/or Tor [eff.org] and/or an ad-blocker. :)

What about retention?

What about the other laws? The ones about data retention by the ISPs so governments can subpoena it when they want to? Emails, Proxy logs etc? no privacy concern there? sheesh ...

The EU? The European Union?

The same EU that requires its ISP to store every connection you make, complete with timestamp and endpoints involved, for at least 6 months, but for however long the governments in the member states deem appropriate? The same EU that wants this information to be easily accessable by everyone who has a "vested interest" to hunt down legal offenses? Without describing too closely what a "vested interest" could be or whether only other governments or even some private organisations can access that information at will.

We're talking about that EU, yes?

Re:The EU? The European Union?

The important difference in this is that the data stored by ISP's is for law enforcement purposes and requires a court order for access. There are also very strict regulations about who/why/when can access and how to log that access. Google and other companies store and use data to make profit with very little regulation.

NT

Move along, move along

Here's an idea

How about no one gives a shit. Nobody is being forced to use google if they don't want to that I'm aware of and I don't think that any government should really care all that much how long or if a company chooses to keep the data of its service's users. Really this is a non-issue to me.

In the meantime there is always things like:

TrackMeNot [mozilla.org] I am in no way affiliated with these guys but I think the concept is pretty elegant, in a brute force way. Essentially your real searches become invisible again in a sea of random searches.

Google.com vs Google.co.uk?

Alright... so Google may be invading digital rights privacy policies? If this is the case, with how HUGE google is, they could probably in a matter of about an hour edit their information collection programming based on the actual google site visited, whether it be .com, .de, .co.uk, .nz, or any other country-based website extension. As for .com, I believe that's commercial, and since Google is based in California(I believe... I KNOW it's U.S.-based), then the laws on their .com /should/ be based on the commercial laws of the United States. I don't think Google has a habit of being lazy and doing nothing about this until it comes to court time. So we probably won't see them in court. Only thing I can blame Google for is buying out other companies, covering every square inch of digital medium they can find. Wait... if google uses Linux, then why do they only seem to distribute software for Windows? Oh well, that's another topic altogether.

Good for them!

If they get to take the "We have to abide by local laws" in the case of China, they'll be similarly obliged to change their ways in Europe as well. Unless, of course, they want to reveal themselves to be two-faced, scum-sucking bastards.

What about ISPs taking advantage of our data?

Due to data retention Directive http://eur-lex.europa.eu/LexUriServ/LexUriServ.do? uri=CELEX:32006L0024:EN:NOT [europa.eu], ISPs are gathering the resources required to fulfill its requirements -office, staff, hardware and software. But that's all at their cost! So, it looks like they decided to do something about it, like sell the user profiles they will soon have on every subscriber of their services. That's much closer to every user in a country, so don't be alarmed next time you see an ad from someone you never met but it looks like you did.

Re:the obvious question:

Google does business in the EU.

Re:Screw EU

hello shelley [shelleytherepublican.com]

Re:the obvious question:

Google is a US corporation. Of what concern are European privacy laws to it?

The concern is over the fact that they trade with people in the EU. US corporations that trade in the EU are required to follow EU laws; if they aren't, they may be fined by the EU (e.g. Microsoft), and if they do not pay their fines to the EU then they face having any of their property that is within the EU confiscated. This would include any money in transit from their European customers to them.