Friday, September 14, 2007

International Privacy Standard proposed by Google


This seems to me like it will be good for global businesses as a universal standard will allow a more streamlined approach to how to handle individual data.The world's largest Internet search company wants to create new ways to help keep Internet users safe.


Search giant Google Inc. will propose on Friday that governments and technology companies create a transnational privacy policy to address growing concerns over how personal data is handled across the Internet.


Google's global privacy counsel, Peter Fleischer, will make the proposal at a United Nations Educational, Scientific and Cultural Organization meeting in Strasbourg, France, dealing with the intersection of technology with human rights and ethics.


Fleischer's 30-minute presentation will advocate that regulators, international organizations and private companies increase dialog on privacy issues with a goal to create a unified standard.


Google envisions the policy to be a product of self-regulation by companies, improved laws and possible new ones, according to a Google spokesman based in London.


"We don't want to be prescriptive about who does that and what those standards are because it should be a collaborative effort," the spokesman said.


Other organizations have already made progress on privacy standards, he said. For example, Asia-Pacific Economic Cooperation (APEC) created a nine-point Privacy Framework designed to aid countries without existing policies.


Google today proposed that governments and technology companies need to work together to create an international method that details how the personal information of users should be handled on the Internet. Google's Peter Fleischer, chief privacy officer, challenged members of the United Nations to help make sure user privacy remains safe.


"People look to us to show some leadership and be constructive," Fleischer said before speaking before the United Nations Educational Scientific and Cultural Organization. "By supporting global privacy standards, there will be a debate and part of that debate will be what are motives our."


A large problem is that privacy standards can vary greatly among countries, something that can cause issues for companies that operate in many countries. Along with not having a federal privacy law to protect consumers, laws in the United States often vary state-by-state: another roadblock that will likely need to be fixed.


Another problem facing companies such as Google is that many of the laws are extremely out of date when compared to how the Internet has progressed. An Internet law created by lawmakers just 10 years ago cannot fairly be used today.


"Privacy laws have not kept up with the reality of the internet and technology, where we have vast amounts of information and every time a credit card is used online, the data on it can move across six or seven countries in a matter of minutes," Fleischer said.


Assuming that data is passed through a small handful of information in a short amount of time, companies need to create a safeguard to make sure the data remains safe -- especially since a lot of nations have minimal data protection laws, Fleischer added.


The Asia-Pacific Economic Cooperation (APEC) recently created a privacy framework that organizers hope will help nations modify existing laws that deal with user privacy and protection. However, much work must be done due to legal gray areas and loose translation of the privacy framework - for example, general principles are highlighted, but nations are responsible for their own enforcement.


Google already has spoken with Yahoo! and Microsoft over privacy standards, and now plans to speak with regulators from a number of different nations.


At a time when Google is worried about government regulation and laws over privacy, critics of the search engine company claim its recent acquisition of DoubleClick Inc are concerned Google now has the ability to store too much user data. Due to rising pressure from European officials, Google agreed to hold cookies up to two years only - the company originally scheduled cookies to be deleted in 2038.


Some other privacy standard


The P3P standard


The P3P specification has a double nature. On the one hand it is standardizing technical issues to facilitate the exchange of privacy meta information. On the other hand it requires the website to provide certain information necessary to enable the user of do-it-yourself privacy protection (e.g. the entity processing the data, types of collected data, purpose of collection and the type of processing). Requiring this information P3P sets a (minimum) privacy standard.


By offering a P3P policy, websites are giving a binding promise to their users that they will follow the P3P standard as a whole. It is part of the promise to provide the information required by the P3P specification truly and comprehensively. It also includes a careful interpretation according to the P3P specification of what personal identifiable data actually is. All things considered using P3P means agreeing on a legally binding (minimum) privacy standard between the parties.


Legal Privacy Standard


Some countries have their own data protection laws requiring i.e. special user information or allowing data use for special purposes only. These legal privacy standards are especially within European Union member states higher than the P3P specification's requirements (e.g. which information has to be provided in the P3P policy).


The relations between the P3P privacy standard, other legal privacy standards and the parties involved are illustrated in the following chart.






Technorati :

No comments: