This past December, about a year after the Internet behemoth announced a new privacy policy, a working group of representatives from these countries called the policy grossly abusive of people's privacy and said Google had four months to bring itself into compliance with European law. Google dismissed the ultimatum: "Our privacy policy," it said, "respects European law and allows us to create simpler, more effective services." The European countries' response was that they will take actions, based on their national laws and in coordination with each other, by the fall.
These government/corporation tiffs are frequent and their rhetorical fire normally turns into quickly dissipated smoke. This one could be different. It comes at a time when the world's powerful are trying to decide how much privacy we people will have and what the term privacy actually means, and this squabble's outcome will affect that and, of course, our freedom. That alone makes it worth watching.
Google Maps and Google's Boss Eric Schmidt
(Image by Google Maps and Google's Boss Eric Schmidt) Details DMCA
Google Maps and Google's Boss Eric Schmidt by Google Maps and Google's Boss Eric Schmidt
But there's something deeper here that transcends this conflict. Privacy is, in fact, a core component of democracy and any infringement on complete privacy is an obscene attack on the possibility of having a free and democratic society. As important as the outcome of this showdown might be, the most important and frightening development is that it's taking place at all.
The political shoot-out began a year ago when Google announced that it was unifying about 60 privacy-policy agreements, covering its myriad services, into one big one. The company explained that lumping together these "agreements" (the things you're asked to read before pressing the "I Accept" button on a website) was a matter of efficiency and transparency. There's a logic to that: how many privacy policies have you read on the Internet? One would assume that if you don't read one, you can hardly be expected to read 60.
That, however, is a corporate shell game. Google made this move not to make our reading easier but to make gathering information about us more efficient. Google is a marketing company and nothing makes a marketing company more powerful and valuable to advertisers than having pertinent information on hundreds of millions of people all over the world. Its privacy policy is fitted to that purpose. It says that, once you sign up and begin using these services as an identified user, you give up that right of refusal. So, because people don't read that privacy policy, they don't realize that it effectively eliminates their privacy.
For a very long time, Google has known who uses each of its services and how, but now it knows which combination of services you use and how they interact with each other in your daily life. It also knows cities or towns of residence (and, in many cases, addresses) of its registered users, the IP addresses of their computers, their names (and often the names of their family members and friends), what they do on the Internet every day, what they buy and consider buying and, for those using Gmail, who they write to and what they write. It can hone in a your specific physical location with Google Maps and will store that info if you map it. In fact, all this info is stored on Google's databases with members' tacit approval and Google's complete understanding of what all this means.
"If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place," Google CEO Eric Schmidt said in 2009. "If you really need that kind of privacy, the reality is that search engines -- including Google -- do retain this information for some time and it's important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities."
The information Google holds rivals and in some cases surpasses the information most governments have on their own citizens. So when Google released this new policy which permits it to combine that information and use it for evaluation, marketing, and advertising, these governments commissioned France's CNIL to investigate.
That selection, in itself, is striking. The CNIL is an independent, government-supported authority that specializes in data privacy-law enforcement. France has among the strongest data-collection restrictions in the world and, while CNIL has often been criticized by advocates for being too sheepish in its advocacy, data-protection "sheepishness" in France would be considered ferocity in many other countries.
Like a trained bulldog, CNIL investigated all the Google data policies for nine months and then presented its report. It was devastating, accusing Google of policies and mechanisms that effectively violate privacy laws in most European countries. Based on that report, 24 of the EU's 27 data regulators wrote Google a letter last December proposing about a dozen changes: among them that Google shouldn't collect information on users without their consent, combine information from different services without additional consent, or use the data it collects for advertising.
The four months passed. "Google did not provide any precise and effective answers," CNIL said last week. "In this context, the EU data-protection authorities are committed to act and continue their investigations. Therefore, they propose to set up a working group, led by the CNIL, in order to coordinate their reaction, which should take place before summer."
In the diplomatic jargon of international regulation, those are fighting words. "Coordinate their reaction" is something the European Union's countries seldom do (witness their financial crisis) and they almost never make threats around technology. Action against Google in Europe could affect the company's relationship with one of its largest markets and a critical marketing link in the world-wide chain that is the Internet. Google could be crippled. That's what that statement threatens.
But let's not kid ourselves. A capitalist government, like those in Europe, has a system to protect and, to do the protecting, its police agencies routinely use data collected on the Internet about its citizens. As Google's Schmidt put it in 2010: "In a world of asynchronous threats it is too dangerous for there not to be some way to identify you. We need a [verified] name service for people. Governments will demand it."
So the issue here isn't really how to protect people's privacy; it's how to balance the various approaches to impinging on it. Google says it needs information about you to match its marketing to what you buy; governments say they need information about you to monitor and control what you do the rest of the time. They're trying to work out how these two approaches to information gathering can co-exist and not conflict with each other.
(Note: You can view every article as one long page if you sign up as an Advocate Member, or higher).
