Google's global privacy chief told OUT-LAW last year that he
does not see a need for a link on the search engine's homepage.
Today a spokesman for the company maintained that the company's
privacy policy is easy to find.
The search engine's homepage is widely praised for its
simplicity. When it launched almost 10 years ago, the absence of
third party adverts on its homepage distinguished Google from
competitors like Alta Vista, Excite, Lycos and Yahoo! But while
Google became popular because it was better at finding information
than its rivals, the difficulty of finding the company's own
privacy policy has drawn criticism.
A coalition of US privacy and consumer organisations said in a
letter sent today that Google needs to add a prominent link on its
homepage to its privacy policy. This is required by California law
and is the widespread practice of commercial websites, it said.
In the letter to Google’s CEO, Dr Eric Schmidt, the groups said:
"We urge you to comply with the California Online Privacy
Protection Act and the widespread practice for commercial web sites
as soon as possible.”
One signatory, Marc Rotenberg, Executive Director of the
Electronic Privacy Information Center in Washington, DC, said in a
statement, "This is not rocket science. And the word 'privacy' is
not got going to take up a lot of space on the Google
homepage."
Other signatory organisations include the California-based
Privacy Rights Clearinghouse, the World Privacy Forum, Consumer
Action, the Electronic Frontier Foundation, the ACLU of Northern
California, and the Consumer Federation of California.
The text of the open letter is reproduced below. It describes
Google's approach as "alarming" and cites the California
Online Privacy Protection Act, a law passed in 2004. That law
requires all commercial websites that collect "personally
identifiable information" from users in California to have a
conspicuous privacy policy.
It states: "a text link that hyperlinks to a Web page on which
the actual privacy policy is posted [is sufficient] if the text
link is located on the homepage or first significant page after
entering the Web site."
In Europe, a group of privacy experts published an opinion in
April 2008 that also called for a link to a privacy policy from a
search engine's homepage.
The Article 29 Working Party, an independent European advisory
body on data protection and privacy, interpreted Europe's data
protection regime as requiring such a link.
"Most internet users are unaware of the large amounts of data
that are processed about their search behaviour, and of the
purposes they are being used for," it wrote. "If they are not aware
of this processing they are unable to make informed decisions about
it. The obligation to inform individuals about the processing of
their data is one of the fundamental principles of the Data
Protection Directive."
"The information that has been supplied by search engines
providers in response to the Working Party's questionnaire shows
that important divergences exist," said the Working Party. "Some
search engines comply with what is specified in the Directive,
including links to their privacy policy both from the home page and
from the pages generated in a search process and information about
cookies. With other search engines, it is very difficult to locate
the privacy policy."
"Users must be able to easily access the privacy policy before
conducting any search, including from the search engine home page,"
it wrote.
Last July, OUT-LAW interviewed Google's privacy chief, Peter
Fleischer. Asked why there was no link to the privacy policy on the
front page of Google, Fleischer replied: "Google has a very sparse
homepage. It’s one of the things that we’re very proud about. It’s
kind of clean and zen-like. Last I counted I think we had something
like 35 words on our homepage. On ours with only 35 words, we had
to keep it very sparse. Now of course we’re a search engine, so
anybody who wants to see our privacy policy can type 'Google
privacy policy' and, trust me, it will come up as result number
one. It’s not hard to find. We’re a search company. We don’t
believe in pushing things into people’s face. We keep it easy and
simple to find."
Google's privacy policy can also be found by following the
homepage link entitled 'About Google' and then clicking a 'Privacy
Policy' link at the foot of that page.
Google told OUT-LAW today that the company is refusing the
request. "We don't have plans to change our homepage," a
spokeswoman said.
"We share the view that privacy information should be easy to
find, and we believe our privacy policy is readily accessible to
our users," she said.
"Privacy policies can be complex and not consumer friendly,"
said the company's spokeswoman, who pointed out that Google offers
a Privacy Center and a YouTube privacy channel with videos
explaining the company's practices and products. "To truly
help consumers understand privacy, our goal is to provide
accessible and useful information," she said.
At the time of writing, links to privacy policies were on the
homepages of Microsoft's Live.com, Yahoo.com, Altavista.com,
AOL.com, Lycos.com and Excite.com. They were not present on the
homepages of Google.com and Ask.com.
The open letter to Google
Dear Dr. Schmidt,
We are writing to you on behalf of California consumers and
Internet users around the world to urge Google to include a direct
link to its privacy policy on its homepage.
California law requires the operator of a commercial web site to
“conspicuously post its privacy policy on its Web site.” The
straightforward reading of that law is that Google must place the
word “privacy” on the Google.com web page linked to its privacy
policy. Moreover, just about every major company that operates a
web site places a link to its privacy policy on its homepage.
While we do not believe that a privacy policy is a guarantee of
privacy protection, it does represent a commitment by a commercial
web site to inform users about the company's privacy
practices.
Google's reluctance to post a link to its privacy policy on its
homepage is alarming. We urge you to comply with the California
Online Privacy Protection Act and the widespread practice for
commercial web sites as soon as possible.
Sincerely,
