by Michael Martinez-Schiferl
Is Google spying on you? The web is full of processes scanning every click of the mouse and tap of the keyboard, logging this information, and at times making a decision to target users with advertising. Information and data are increasingly valuable resources for the businesses and firms in our global economy; even Internet search providers keep their businesses running by collecting data on the information people seek and store. If you use a popular search engine, you may be astonished to learn the amount of data collected on your search habits. As search providers branch out into providing other services such as email, online document editors, spreadsheet editors, social networking sites and photo repositories, the amount of data collected on each of us approaches an alarming level.
The Internet presents a new set of challenges to privacy protection policy. Jerry Berman, chair of the Advisory Committee to the Congressional Internet Caucus and co-founder of Center for Democracy and Technology (CDT), points out that these challenges stem from three main characteristics of the Internet: the trend of increased information collection by search providers, the globalization of information and communication, and the lack of centralized control mechanisms. These characteristics—combined with the growing market value of personal information—pose a threat to the core expectations of privacy: anonymity, fairness, control over personal information and confidentiality. These threats are far reaching with even governments themselves sometimes turning to private “lookup-service” companies, which profile users based on personal data collected from Internet use. Governments around the world are increasingly gathering information that may have once required warrant-based probable cause or another form of judicial oversight. In other words, the process of gaining access to information kept in a physical location is governed by extensive search laws, while the data stored in a Google documents folder lacks such protection.
At last month’s United Nations Educational Scientific and Cultural Organization (UNESCO) meeting on ethics and human rights, Google’s privacy chief Peter Fleischer proposed the Asia-Pacific Economic Cooperation (APEC) Privacy Framework as a starting point for a broad international Internet privacy standard. The APEC Framework is based on nine principles aimed at protecting personal information and facilitating responsible information flow (similar to the First Principles). The Framework has been approved by many of the APEC nations including Australia, but the largest APEC nation, China, has yet to give its approval. Google’s hope is to get a major international organization like the United Nations (UN) or Organization for Economic Cooperation and Development (OECD) to draw up the new international privacy guidelines. In a post on Google’s Public Policy Blog the day of the UNESCO meeting, Fleischer added “even if every country in the world did have its own privacy standards, this alone would not be sufficient to protect user privacy, given the web’s global nature. Data may move across six or seven countries, even for very routine Internet transactions. It is not hard to see why privacy standards need to be harmonized and updated to reflect reality.”
Of course, harmonizing privacy standards may be a difficult task. Fordham University Law Professor Joel Reidenberg points out that “specific privacy rules in any particular country have a governance function reflecting the country’s choice regarding the roles of the state, market and individual in the country’s democratic structure.” Extending this observation beyond democratic regimes to the diverse mix of governmental systems around the globe only amplifies the potential for differences between countries with regard to privacy protection policy.
While countries with no Internet privacy standards at all will benefit from a global standard, other countries with established standards may have reason to resist if new standards are weaker than the country’s existing policies. Mark Rotenber, Executive director of the Electronic Privacy Information Center (EPIC), calls the APEC Framework a regression in privacy standards, stating that the Framework “is the weakest international framework for privacy protection, far below what the Europeans require or what is allowed for trans-Atlantic transfers between Europe and the US.” The difference between Mr. Rotenberg’s and Mr. Fleischer’s points of view centers on a fundamental disagreement about the level of protection that ought to be afforded to prevent harm to the consumer.
Email Michael Martinez-Schiferl at firstname.lastname@example.org