Google Responds to Congress: we aren’t NebuAd

Recently Congress has been investigating the user’s privacy with the growingly pervasive ‘opt-out’ advertising programs such as those run by NebuAd. The Congressional Committee on Energy and Commerce sent a letter on August 1 to Microsoft, Google, AOL  and a number of other companies, asking for information on whether or not personal data had been collected, what restrictions were placed on the collection and how the information was used. The companies were given until August 8 to respond.

 

NebuAd’s deep packet inspection was the lightning rod that drew increased congressional scrutiny and Google recognized this and promised to place its answer online for open inspection.

Google has since posted its reply. Google  by categorically stating that it does not engage in deep packet inspection while serving advertising and posits that most other advertisers do not as well.  According to the company, Google’s privacy policy is founded on three principles: providing transparency, choice, and security.

Google goes on  to say that it has been an active participant in the FTC  initiative to develop privacy principles and hopes that these principles “will be adopted widely by the online advertising industry and will serve as a model for industry self-regulation in jurisdictions beyond the United States.” The letter concludes with a  pledge to work with to create a uniform federal privacy law.

 

Other Google points:

 

• Google’s online search advertising serving while contextual, do not make use of web browser history, and that it maintains no such database. 

 

• The  DoubleClick merger Google intends to integrate some of that company’s technology into its own products to tailor ads more effectively. Users can opt out of this via a single option which will control a person’s opt-out status for all of the websites within Google’s network. 

 

• Data retention: Google does not require any personally identifiable information (PII) to be provided and retains only standard server log information and/or cookie ID. Google anonymizes all search log data after 18 months.

 

 

Do no evil? You decide.

EU States ” Right to a Private Life”

The Article 29 Working Group, an EU data protection and privacy issue working group, has issued a new major report (PDF). The EU started with the premise of a “right to a private life” . Their recommendations include allowing search engines to store European user data for maximum of six months, treat IP addresses as “personal information,” and must comply with the rules even if they are based outside the EU.

More Facebook Privacy Issues

The U.K.’s Information Commissioner’s Office (ICO) is investigating Facebook after a user complained that they were unable to fully delete their profile after terminating their account.While users’ information remains on Facebook’s server even if accounts are deactivated. This data is no longer accessible but can be reactivated later on.

Facebook says that this is in ”full compliance with U.K. data protection law” says it does not use the information from deactivated accounts.

“We take the concerns of the ICO and our user’s privacy very seriously and are committed to working with the ICO to maintain a trusted environment for all Facebook users and ensure compliance with UK law,” said a statement from the site.

Senior data protection practice manager at the ICO explains,”If the onus is entirely on the individual to delete their data, they might not find themselves motivated enough to delete information that’s about them on their wall or other people’s sites,”

“We’ll be working with the site to achieve better quality information for users to make it absolutely clear to people what exactly will happen to their information once it’s posted,” said Evans.”

http://www.pcworld.com/article/id,141607-c,privacy/article.html

— Jeff Buechler

IP Addresses: Are they personal info?

From Ars technica:Could IP addresses soon be considered “personal information” in Europe? The question was discussed yesterday at a hearing before the European Parliament’s Civil Liberties Committee, where European data protection authorities and privacy advocates backed the idea. Google, not surprisingly, wasn’t as thrilled.

Giving legal protection to IP addresses poses a host of problems for companies like Google that log massive amounts of data and want to know which machines it comes from. IP address tracking can help the company crackdown on click fraud, for instance, and it can help Google identify the general geographical location of many of its visitors.

But IP addresses don’t match up with people, only machines, making them at best quasi-personal. As Google’s Global Privacy Counsel Peter Fleischer told the Committee (PDF), “There is no black or white answer: sometimes an IP address can be considered as personal data and sometimes not; it depends on the context, and which personal information it reveals.”  http://arstechnica.com/news.ars/post/20080122-ip-addresses-could-become-personal-information-in-europe.html

Act Like Neville Chamberlain and Get Fined $2,000,000

In previous posts I have been quite vocal about censorship and the appeasement of the search engines in response to governmental requests for limiting access and information. Now the Congress is contemplating fining companies if they cooperate with the technological surveillance of political dissidents or share technology and information used for “Internet-restricting” purposes.

From Forbes, “Companies under the congressional microscope included Cisco (nasdaq: CSCO – news - people ), which Smith accused of helping China create a “police net” database used to track and imprison political dissidents around the country. He alluded to Yahoo!’s (nasdaq: YHOO – news - people ) cooperation with Chinese police, offering up email information that led to journalist Shi Tao receiving a 10-year prison term in 2005 for “revealing state secrets.” Smith also criticized Google (nasdaq: GOOG – news - people ) for its decision to appease China by blocking politically controversial search results on its Mandarin site.”Google has joined hook, line and sinker with the propaganda regime of Beijing,” Smith said.

While I applaud Congress for trying to stay in front of this issue, it sends a dangerous message to companies doing business overseas that if you try and comply with the legal requirements of the jurisdiction you are in, then the US government will fine you if it disagrees with that foreign government’s policies. Countries like China, Burma, Belarus, Vietnam, Ethiopia, and Tunisia have very repressive policies and of course these policies should be repealed. Fining companies who, by their very nature will encourage greater openness, do business in these countries is sending the wrong message. And in this case, the wrong message is worse than no message at all.