Slashdot Mirror
EU Questions Google Privacy Policy
An anonymous reader writes "The BBC is running a piece noting that the EU is scrutinizing Google's privacy policy this month. The company's policy of keeping search information on their servers for up to two years may be violating EU privacy laws. A data protection group that advises the European Union has written to the search giant to express concerns. The EU has a wide range of privacy protections that set limits to what information corporations may collect and what they may or may not do with it. In the US on the other hand privacy laws generally cover government actions while the business sector remains largely unregulated. Is it perhaps time to follow the European example and extend privacy laws to include corporations?"
Not everyone is a Libertarian. Some people are Socialists.
If you want news from today, you have to come back tomorrow.
While I generally concur, something at least needs to be done to simplify the legal system. There is no reason a privacy policy cannot be a short, concise, two sentences.
"[Company] collects information which you may wish to remain private. [Company] retains the information for up to 2 years, and information may be made available to outside vendors without your consent."
Almost everyone can understand that. It's still a high reading level (generally), but far simpler than the 8 page privacy policy most companies have.
What you use or don't use is irrelevant as to what a company does with your data. Ever heard of information clearing houses? Basically huge databases set up just to collect individuals private data from everything the IRS, Criminal records, news reports, previous addresses, published papers, bank account info, credit accounts, investments everything. You can't keep companies from actively doing that without living completely off the grid.... Think about your statements next time.
Wow! I now owe my friend 20 bucks! Damn, I never thought I'd lose that bet.
No, it isn't my job and it shouldn't be. I have a *right* to privacy. Corporations have no right to keep, much less distribute, most of the information they store.
I still have more fans than freaks. WTF is wrong with you people?
The right to privacy is the right to be free from outside intrusions into your personal matters. Willingly giving up private data by, say, searching the Internet is in no way a violation of your right to privacy.
I wonder if I use bold in my signature, people will notice my posts.
IMO, it's not at all obvious that the act of searching for something gives up an private data.
Max.
_willingly_ giving up privacy data is the key. willingly implies knowlingly. do you _know_ what kind of data google collects from all its services and how it uses it to track you? if you don't _know_, then you're not willingly giving up your privacy, you're being conned into giving up your data.
I for one want to know very much how are they using the data from the web stats service google provides. I see that everyone and their dog have the scripts, and while I agree to disclose some statistics to the sites that I'm visiting, I don't remember ever agreeing to disclose the same information to google.
Google should effectively has part ownership to everything you do on their servers. And therefore they have the right to what to do with it, if you don't like what they do don't share information with them, it's that simple.
If i had one dollar for every brain you dont have, i would have $1.
You've made an assertion without providing any supporting evidence, explanation, or argument. The only value such unsupported assertion holds is as a litmus test to demonstrate that you belong to a group with a certain idealogy. Why isn't it the government's job to play a role in protecting the right to privacy? Arguably, government's most important job is to protect the rights of all people, such as life, liberty, freedom of conscience, freedom to associate with whoever you choose, and so on.
Corporations cannot and do not exist outside of laws created by governments. Corporations are not natural persons with inherent rights. It is government that provides the legal framework that limits the liability of the shareholders in a corporation, provides corporations with the ability to own property, and provides corporations any existence as a legal entities at all. The limits on the owner's liability are balanced with limits on the powers of the corporation. There is every reason for government to define and limit what corporations may and may not do.
The Founding Fathers of the US were familiar with the ways in which governments could abuse power, so they found ways to limit and control that power. But in today's world, corporations often hold as much or more power over our lives, and it is worth considering applying the same sort of checks and balances to corporations. The Constitution of the US flat-out prohibits the Federal Government from some areas, and perhaps the same thing needs to be done with corporations.
So, due to privacy concerns, the EU dislikes Google storing data on its users, but forces ISPs to retain data for two years? Under the catch-all excuse of 'terrorism' no less.
They could follow each others example: the EU could introduce laws to stop government snooping, whilst the US introduces laws to stop corporate snooping. Personally I find the EU government snooping worse than Google, at least Google is a product choice, government laws can't be worked around. Although the purchase of Double-click does make Google's tracking somewhat difficult to avoid when surfing around.
Failing that, just use Scroogle and/or Tor and/or an ad-blocker. :)
I'm going to transform myself into a mighty hawk. Either that or I'll just go and work at Dixons, haven't decided yet.
No, Google does not have the right to do whatever they like with everything on their servers, and neither does anyone else. You may have heard of copyrights, patents, and trademarks. Google has copyrighted information on their servers. The law gives them limited rights to use that information, but they need permission from the copyright holder to do other things with it.
A case can be made that I hold copyright to information about me, or a right to privacy which may work like copyright. That is, Google is free to use any personal information which I provide them for internal use, but that they need my permission to distribute it to anyone else.
I'm not worried about first-hand information collection. It's the sharing and selling, and absense of responsibility for accuracy, that poses the potential for abuse.
What about the other laws? The ones about data retention by the ISPs so governments can subpoena it when they want to? Emails, Proxy logs etc? no privacy concern there? sheesh ...
The largest part of the data laws is this:
1. Tell people what data you are collecting from them
2. Keep the data you collect safe
This allows you to "look after your privacy", as you suggest.
That's not so easy. If you have a friend who uses gmail, then whenever you send your friend an email, Google will keep *your* email for god knows how long. And they certainly didn't ask *you* about it. So your simplistic solution "don't patronize those kinds of companies" doesn't work.
I certainly know what information I'm giving them. What I don't know is how much they store and how effectively they piece it all together. Why do I need to know what Google is doing with my data? I gave them my data, and so long as they don't violate an agreement I made with them, they aren't conning me.
The same EU that requires its ISP to store every connection you make, complete with timestamp and endpoints involved, for at least 6 months, but for however long the governments in the member states deem appropriate? The same EU that wants this information to be easily accessable by everyone who has a "vested interest" to hunt down legal offenses? Without describing too closely what a "vested interest" could be or whether only other governments or even some private organisations can access that information at will.
We're talking about that EU, yes?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Don't like a company's privacy policy? Don't patronize them.
This libertarian idea is wonderful in theory, but not so easy in practice. If all of the companies in a given market have economic incentives to make use of your private data, they will all err on the side of making more revenue, not protecting your privacy. In a publicly-owned company, the profit motive will always beat out any concerns that are considered secondary. Even where a company knows that privacy is important to users, they also know it is not *the* most important determining factor for customers. Therefore, even though it might be high on the list of customer concerns, all the companies in the market will still ignore it.
For an example of this in action, look at those obnoxious watermarks all American TV channels now display. Nobody likes it, but it's not enough of a detriment that people won't watch whatever ABC, CBS, NBC, et al, is showing. The fact that they all do it makes it impossible to show your displeasure by switching channels anyway.
Your example of the landscaping company records is a red herring. These sorts of customer service businesses only gather information related to the work they do for you, while search engines gather a much broader range of information. The fact that small service businesses get audited is irrelevant as well. Nothing in the audit records is going to provide anything beyond transaction dates and amounts. Generally speaking, Mom & Pop's Garden Service doesn't get routinely attacked by ambitious hacker networks, either.
I understand that you enjoy the benefits of companies using your personal information to provide better service. So do I. So do the vast majority of people. But I think it's a gross simplification to say that as a practical matter we really have much choice in the matter.
Read the EFF's Fair Use FAQ
Finally, if I say something in private to my friend, I don't see what business it is of Googles (or any other company) to snoop on what I'm saying. This has nothing to do with Google being Evil(TM) or not, it's just common sense. In fact, it would be silly to say that nearly everybody in the world is Evil(TM) just because I don't want to share my private information with them.
But anyway, Google is certainly not doing anything FOR ME for FREE, since I don't use gmail myself. However, when I write an email to somebody who uses gmail, then Google is doing TO ME uncalled for things, like snooping on MY words, for FREE admittedly.
The governement is beholden to respect the privacy law, and justify (with a judge signed document) getting those ISP kept data. Sure you can argue that they can abuse the power, but this would then be illegal. On face value the governement also cannot resell your data to somebody else. On the other hand corporation can do whatever they want including reselling your data to the most shaddy part of the world. This is partially why there is a privacy law in the EU because it is recognized of the possible abuse of the corporate world (data rentention, and right of rectification).
I would rather give my data to the governement than to a corporation, especially seeing how quick they are to sell/whore it off. And don't think A SECOND that if the governement is asking politely anyway the corporation won't give all the data they have on you. Since you have next to no way to block the governement getting the data, then the only bit you can protect is refusing to give the data to corporation to begin with, OR to force them to reespect the privacy of the data.
And before you start spouting off something about free market, think that for some stuff you cannot really avoid local monopolies (health, electricity, water....). Meaning that either you live out of society or you are screwed with US policy.
Good for you. I certainly don't know what data they have about me, where are they getting it from, and how are they putting it together. I much rather have a legal mechanism that requires them to tell me what data they have about me if I ask, and enables me to have it removed, then not.
I used to live in a society in which detailed files on people were customarily kept, and used to make people behave. From my experience, allowing any company (or organization, for that matter) to have data files on people without any option of the people to control what's in those files and who's accessing them isn't the smart thing to do.
But to each their own.
Simplify the legal system? Are you totally mad?
Nobody is better of with simpler laws! Not big business, not politicians and not the lawyers. Just imagine, someone from the general public reads your policy or the law, and really understands it. Do you understand the potential dangers there?
No, simpler laws is in nobodies interest. At least not somebody who has something to say about it.
Perhaps I did express myself clearly. Rights are not entitlements. For example, you have a right to publish your thoughts, but you are not entitled to a printing press.
The basis of the Constitution is that people have inalienable rights, and it specifies one form of government derived from those rights. It enumerates certain rights, but in no way claims that the list of rights is exhaustive. Courts can and have held that other rights are inalienable and thus covered by the Constitution. These are not privileges granted by the government to the people, they are rights of the people. People are not given rights by the Constitution, they are born with inalienable rights.
Privacy has been ruled to be an inalienable right by the Supreme Court, even though it is not specifically listed in the Constitution. Of course, most of our familiar rights weren't listed in the original version. The First Amendment did not create the right to speak freely, we always had that right, it is inalienable. The First Amendment simply acknowledged it, similar to codifying common law into statute law. Some state constitutions, such as California's, do list privacy. Others don't. I'm convinced that privacy is an inalienable right.
Law is made where rights collide and conflict. As often put, your right to swing your fist ends at my nose. In the US, privacy is a right, but one that is poorly defined and with unknown boundaries. I think that European laws provide good guidance, and would like to similar laws here. My image and voice cannot be used without my permission, outside of fair use exemptions. How is other personal information any different?
Don't like European laws? Don't do business there.
ich bin der musikant
mit taschenrechner in der hand
kraftwerk
If I have nothing to hide, you have no reason to search me
What if I ask for that information up-front, and the right to take a picture of you, and to use that information as I see fit? Because that's what is happening here with Google... They don't get your e-mail address unless you give it to them. They don't get ANY personal information unless you give it to them.
Browsing at +1 - no ACs, I ignore their posts. So refreshing!
Similarly, you have some expectation of privacy in your own home, a bathroom/restroom and so on. To complicate things, there are situation were there is an illusion of privacy but there isn't actually one. A bank ATM location might be one were cameras watch you but your somewhat dislocated from others viewing you. The problem is when you involve other people or do something in places were you no longer have that expectation. Imagine that you told me in a private conversation that you though some girl was hot and wanted to get to know her better even though you and her were married. I am now privilege to this information because you told me. If I tell your wife, or her husband, I am not violating your privacy at all. Even If I tell her. Well, that is unless there is an agreement before you tell me and I agree not to tell anyone else.
When dealing with companies, Especially on the Internet were you have that illusion of privacy, you have effectively told them the same thing you told me, except for the information might have changed. They then take this information and do something with it. Some companies toss it out, some write it down and attempt to sell you sex aids, and some might sell this information to others who would want to sell you something. But when you involved them, you more or less gave them privilege to that information.
I don't disagree that some of the information should be held to a higher standard then "i have the hots for her" would have. Items like bank account numbers, credit services, personal finance or personal health information and such should be limited in every way. I think for the most part they are. But searching for ways to kill your wife, how to beat a speeding ticket, most romantic flowers and such are on a different level. Same with you purchasing a gallon of milk, a six pack of condoms and a spatula. But it is these personal numbers that you assume is private information because they link your banking or medical records, state identification, social security numbers and such that are a concern already have laws on their use. These have a larger potential of damaging you if placed in the wrong hands. But the fact is, when you deal with someone else, unless there is a law already involved or some agreement in place(privacy policy), you have handed over this information willingly to these people and it is really no different then you telling me which girl turns you on. You wouldn't expect hippa laws to save your medical privacy if you told every ugly girl in the bar that you have some STD to get them away from you.
I can understand concerns and fears about certain information. You are told to keep that private from the moment you get it. What I don't understand is essentially going to a ball game that will be televised and then complaining your picture was on TV when the camera pans the audience. There is no expectation of privacy there. But if the when certain private information is "required" to do business or participate in an otherwise public activity, the stuff you expect to be private should need your permission to be used in a way other then you expressly agreed to. Google has a privacy policy link on their main page, when using their services, you are essentially agreeing to those terms. Unfortunately, if your using firefox or possibly other browsers, the policy link is missing on the default start page.
Google is a US corporation. Of what concern are European privacy laws to it?
The concern is over the fact that they trade with people in the EU. US corporations that trade in the EU are required to follow EU laws; if they aren't, they may be fined by the EU (e.g. Microsoft), and if they do not pay their fines to the EU then they face having any of their property that is within the EU confiscated. This would include any money in transit from their European customers to them.