While Google is leading a charge to create a global privacy standard for how companies protect consumer data, the search giant is recommending that remedies focus on whether a person was actually harmed by having the information exposed.
Google’s proposal is scheduled to be presented by Peter Fleischer, Google’s global privacy counsel in a speech Friday in Strasbourg, France, at UNESCO’s meeting on ethics and human rights. He briefed reporters on Thursday.
The proposal follows the Asia-Pacific Economic Cooperation (APEC) Privacy Framework, which has been endorsed by many of the APEC nations, including Australia and Hong Kong, but not all. China, for instance, does not endorse it, Fleischer said.
“Google believes we need to work together to create minimum global standards partly by law and partly by self-regulation,” he said in a telephone conference call. “We need a collaboration between government and the private sector.”
The APEC framework “promotes a flexible approach to information privacy protection” and is a “practical policy approach to enable accountability in the flow of data while preventing impediments to trade,” according to the group’s fact sheet. The nine principles of the framework are: preventing harm; integrity of personal information; notice; security safeguards; collection limitations; access and correction; uses of personal information; accountability; and choice.
Under a “preventing harm” principle in the framework, “any remedial measures should be proportionate to the likelihood and severity of the harm,” the documents state.
“Privacy standards should focus on actual harms to consumer privacy,” Fleischer said. “Other countries have an ideological bent…APEC has a pragmatic focus on privacy harms…not abstractions.”
Fleischer has been shopping the idea around, meeting with the Spanish Data Protection Authority a few days ago (”He welcomed it warmly”) and the French counterpart, which endorsed it.
Deflecting DoubleClick criticism?
However, a privacy advocate dismissed the move as a desperate attempt by Google to appear to be sensitive to privacy issues in the midst of government scrutiny of its proposed $3.1 billion acquisition of online ad firm DoubleClick.
Marc Rotenberg, executive director of the Electronic Privacy Information Center, called the APEC Privacy Framework “backward looking” and said it “is the weakest international framework for privacy protection, far below what the Europeans require or what is allowed for transatlantic transfers between Europe and the U.S.,” particularly because it focuses on the need to show harm to the consumer. The guidelines were developed before there was data collected on the cost to consumers of identity theft and security breaches, he said.
“Google is under enormous pressure from many countries around the world who are fed up with their arrogance and their unwillingness to make meaningful changes to their business practices,” Rotenberg said. “They’re also trying desperately to push the acquisition of DoubleClick through the Federal Trade Commission. And they’ve met enormous resistance.”
Fleischer denied that the proposed DoubleClick merger had anything to do with Google’s actions.
“What this is is a sustained multipronged effort by Google to improve privacy practices…across the Internet,” he said in his briefing. “People expect us to show some leadership. We would do this regardless of whether DoubleClick were part of the equation or not.”
Google will take its message to the public through a virtual debate it plans to open on YouTube soon, and it will participate in meetings in Montreal on Sept. 24 with global privacy commissioners and in Washington, D.C. in October, Fleischer said.
Also, Google Chief Executive Eric Schmidt “will add his voice to this debate” in the next few days, Fleischer said, declining to elaborate.
Previous
Home
