Compliance Q&A: EPIC rep discusses objections to Google privacy policy

In this Q&A, EPIC Consumer Protection Fellow David Jacobs discusses the organization’s objections to Google’s privacy policy and how to improve online consumer privacy.

For the past several months, the Electronic Privacy Information Center (EPIC) has voiced opposition to Google’s privacy policy and online consumer privacy practices. EPIC went so far as to sue the Federal Trade Commission over the issue: It requested a federal judge issue a temporary restraining order and injunction requiring the FTC to enforce a consent order that Google Inc. agreed to last year.

EPIC's objection is not so much to Google's privacy policy, but to its privacy practices.

Last week, the FTC filed an opposition to EPIC’s lawsuit, and requested federal courts dismiss the case because it says EPIC’s complaints are “completely baseless.” EPIC is required to respond to the FTC’s opposition by Feb. 21. Google’s new privacy policy (which EPIC says violates the FTC’s original consent order) is scheduled to go into effect March 1.

Since the beginning of the back and forth over the Google privacy policy, EPIC has contended the company is deceptive about what it does with user information, and to whom it gives that information. SearchCompliance.com recently caught up with EPIC Consumer Protection Fellow David Jacobs to discuss EPIC’s concerns with the Google privacy policy, how Google can improve its practices and the state of online consumer privacy in general.

What does EPIC think Google is or is not doing correctly with its privacy policy?

Jacobs: Generally, it's fine for companies to simplify their privacy policies, although consolidating different privacy policies tends to produce a "race to the bottom" effect where the provisions of the least-protective privacy policy are adopted. Also, simplification of any privacy policy must contend with the loss of information content that occurs. This is why additional protections for privacy need to be in place.

What characteristics would EPIC like to see in a Google privacy policy? Are there any specific steps Google can take to protect users' privacy?

Jacobs: EPIC's objection is not so much to Google's privacy policy, but to its privacy practices. EPIC objects to the use of information that was collected for one purpose, but used for another purpose without obtaining the affirmative consent of users. In this case, Google should give users the option to opt out of having their information aggregated into a comprehensive data profile.

EPIC states that Google's privacy report that was recently made public proves the company violates compliance with the FTC Consent Order. What information in the privacy report does EPIC think violates that consent order?

Jacobs: I don't think the initial report itself proves a violation of the consent order, but it does raise questions about compliance. The privacy report was required under the consent order to "set forth in detail the manner and form in which [Google] has complied with this order." By refusing to explain compliance with certain areas of the order, such as the U.S.-EU Safe Harbor Framework, or why the notices Google sent to users adequately explained the purposes for which Google collects and uses information, and the extent to which users could exercise control over their information, Google's report raises questions about compliance with the order.

If Google's privacy policy eventually does take the right steps, could it be an example for other Web companies for protecting online privacy, if only because Google is so influential?

Jacobs: As the operator of the dominant search engine and one of the largest technology companies, Google's business practices certainly could influence other companies. Interestingly, however, because smaller companies likely have far less user information available to them, they might be unable to undertake a similar consolidation project. Simplifying a privacy policy, however, is something that most companies can do. Also, some of Google's competitors, like Microsoft, appear to be taking the opportunity presented by the new changes to compete with Google on privacy.

Let us know what you think about the story; email Ben Cole, Associate Editor. For IT compliance news and updates throughout the week, follow us on Twitter @ITCompliance.

Dig deeper on Managing governance and compliance

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCIO

SearchHealthIT

SearchCloudComputing

SearchDataCenter

SearchDataManagement

SearchSecurity

Close