The Google executive will today launch an appeal to governments
to set minimum privacy standards. This is despite Google itself
being roundly criticised for its own privacy standards by, amongst
others, European privacy watchdogs.
"Google believes we need to work together to create minimum
global standards partly by law and partly by self-regulation," said
Google's global privacy counsel Peter Fleischer in a conference
call to journalists."We need a collaboration between government and
the private sector."
Peter Fleischer has said that countries should all adopt
guidelines agreed between Asia Pacific nations, the Asia-Pacific
Economic Co-operation (APEC) privacy framework. This has been
supported by countries such as Australia and Vietnam.
"If privacy principles can be agreed in such divergent
countries, then we think that is a model for the rest of the world.
What we see is a lack of privacy standards around the world," said
Fleischer.
European privacy regulation is controlled primarily by the
EU Data Protection Directive which all member states must put into
national laws. There is little other consensus around the world on
how privacy should be governed.
The APEC Privacy Framework comprises a set of nine principles:
preventing harm; notice; collection limitations; uses of personal
information; choice; integrity of personal information; security
safeguards; access and correction; and accountability.
From Principle II,
'Notice':
Personal information controllers should provide clear and easily
accessible statements about their practices and policies with
respect to personal information that should include:
a) the fact that personal information is being collected;
b) the purposes for which personal information is collected;
c) the types of persons or organizations to whom personal
information might be disclosed;
d) the identity and location of the personal information
controller, including information on how to contact them about
their practices and handling of personal information;
e) the choices and means the personal information controller
offers individuals for limiting the use and disclosure of, and for
accessing and correcting, their personal information.
"The APEC Privacy Framework is a practical policy approach to
enable accountability in the flow of data while preventing
impediments to trade," said an APEC statement. "It provides
technical assistance to those APEC economies that have not
addressed privacy from a regulatory or policy perspective. The
Framework will enable regional data transfers to the benefit of
consumers, businesses and governments."
Fleischer emphasised the focus of the APEC rules on the harm
caused by an event. "Privacy standards should focus on actual harms
to consumer privacy. Other countries have an ideological bent. APEC
has a pragmatic focus on privacy harms," he said.
Fleischer said that he had discussed the plan with national
privacy regulators and that the plan had already received the
approval of Spanish and French watchdogs.
Google kick-started a privacy debate earlier this year when its
announcement that it would delete identifying information from
stored search logs after two years alerted watchdogs and consumers
to the fact that Google and other search engines kept that link at
all.
After an outcry and condemnation from EU data protection
officials, Google reduced that term to 18 months and other search
companies revised their policies. Data protection experts still
claim that 18 months is too long, though.
