As of late, there has been a lot of furor in the press about Google’s
new unified privacy policy. The main point of contention seems to be
that this new policy is in violation of many countries’ privacy laws
including those of European Union states, the USA and possibly Japan
and South Korea. This is something that actually affects all of us
because I am sure that everyone reading this blog is using at least
one Google product or service (Blogger is owned by Google). So whether
you have a Gmail account, watch YouTube videos or use the Google
search engine, you should take notice of this issue because your
privacy is probably being violated.
The following is a brief summary of the policy. Google collects 5
types of information about you including your personal information
(when you sign up), usage information when you use a Google product or
service), location information, application data and cookies/anonymous
identifiers.
Google uses this information to maintain and improve existing
services, to create new products, to tailor content in their products,
to help fix problems with their products and to improve the user
experience of their services. The company also states that it will
combine all user data from all of its services, it may process this
information on international servers.
With regards to sharing your data, Google stresses that it will ask
for your consent before using your data for new purposes but that
anyone who knows your email address can view your public profile,
which includes your name and picture. They will also share your data
without your consent with domain administrators, external data
processing companies and in cases of litigation.
Google also claims to have a transparent policies in place to allow
you to review and control your information, ad preferences, personal
profile, who has access to your data, how to remove your content, and
to exclude your data for use in services. However, the company also
stipulates in very vague language that it cannot provide you access to
and control of all of your information due to various
impracticalities. For example, they state that they “may not
immediately delete residual copies from our active servers and may not
remove information from our backup systems.”
In terms of security measures to protect your data, Google has not put
in place any added measures despite the increased risk of privacy
invasion due to its data sharing practices. The company lists SSL
encryption and two step verification as two measures it has in place,
while also noting that those with who they share your information are
contractually obligated to keep all personal information confidential.
Google’s business practices, regarding privacy, fall under the
jurisdiction of Canada’s Personal Information Protection and
Electronic Documents Act. Their new policy seems to comply with the
act’s stipulations about an organization’s responsibilities. However,
the vagueness of the policy when it comes to providing users full and
complete access to their information does not preserve the privacy
rights of the user. Thus, while Google is not in violation of Canadian
privacy law directly regarding the requirements placed on business’s,
it does infrine upon the right of the user to “expect the personal
information an organization holds about them to be accurate, complete
and up- to-date; obtain access to their personal information and ask
for corrections…” It is up to the Canadian public to exercise their
right to privacy and, through litigation, force Google to change their
privacy policy for the better.
Below are links to the aforementioned press articles, Google's new privacy policy, and PIPEDA.
http://www.dailymail.co.uk/sciencetech/article-2108564/Google-privacy-policy-changes-Global-outcry-policy-ignored.html
http://www.google.com/policies/privacy/
http://www.priv.gc.ca/leg_c/leg_c_p_e.cfm
No comments:
Post a Comment