This is getting a lot of pass-round in ye olde blogosphere. As with some of the vids I post here about filesharing, it makes some good points evocatively but I do not endorse the overall conclusion for one simple (or maybe not so simple) reason; even if you effectively feel you have to use Google (and there are rivals, especially in the non search categories of services) you can delete your Google cookies. But - another fun one to show students!
A UK-based cyberlaw blog by Lilian Edwards. Specialising in online privacy and security law, cybercrime, online intermediary law (including eBay and Google law), e-commerce, digital property, filesharing and whatever captures my eye:-) Based at The Law School of Strathclyde University. From January 2011, I will be Professor of E-Governance at Strathclyde University, and my email address will be lilian.edwards@strath.ac.uk.
Showing posts with label google privacy. Show all posts
Tuesday, January 05, 2010
Wednesday, April 09, 2008
DP law and search engines
There is a truly remarkable amount happening right now on what one might very loosely call the "Web 2.0" privacy front. On top of the UK Byron report and the Ofcom report dealt with in the last two posts to this blog, we also now have the EC Article 29 working party opinion on data protection issues related to search engines.
Very roughly, this report takes the long-expected, but not uncontroversial (especially if you're Google) stance that IP addresses are (mostly) personal data. This follows the view taken previously by the Art 29 WP in its WP 136 that "… unless the Internet Service Provider is in a position to distinguish with absolute certainty that the data correspond to users that cannot be identified, it will have to treat all IP information as personal data, to be on the safe side". Basically even dynamic IP addresses can be connected to particular users given the cooperation of log-keeping ISPs. As such, potentially all IP addresses must be viewed as "personal data".
It also argues that:
- the Data Retention Directive (2006/24/EC) is clearly highlighted as not applicable to search engine providers. This is because Article 2 sub c of the Framework Directive (2002/21/EC), which contains some of the general definitions for the regulatory framework over "electronic communications services", explicitly excludes services providing or exercising editorial control over content. Notably, search engines filter out illegal content, provide safe search, and respect no-robots text tags on sites, all functions search engines should continue to exercise.
Search engine providers must thus delete or irreversibly anonymise personal data once they no longer serve the specified and legitimate purpose they were collected for, and be capable of justifying retention and the longevity of cookies deployed at all times. The DRD is NOT an excuse to retain data for longer (as Google have previously claimed). The WP recommended retention for no more than 6 months. Similarly, if search engine providers use cookies, their lifetime should be no longer than demonstrably necessary.
- the DPD does however clearly apply to search engines which deposit cookies on the machines of EU resident users, even if the search engine is based economically or physically outside the EU, eg the USA. European data protection law also applies to search engines in specific situations, for example if they offer a caching service or specialise in building profiles of individuals based in the EU.
- on DP law, search engines generally fail to say exactly for what purposes they gather personal data of users. If it is used for purposes users might not reasonably have anticipated eg building profiles of users for advertisers, the search industry may be breaking DP law.
The WP also considered the new so-called "people search engines" such as PIPL and Rapleaf, which draw on data from a wide range of sites, often including blogs and SNSs as well as the general Web, to form indexed profiles of individuals. Such profiling may both reveal unexpected data, and throw up misleading correlations, and some have already drawn adverse comment. The WP emphasised that these sites "must have a legitimate ground for processing, such as consent, and meet all other requirements of the Data Protection Directive, such as the obligation to guarantee the quality of data and fairness of processing."
Pangloss is pleased to see this issue addressed: it provides a compulsory legal basis for what is emerging as good industry practice, namely (a) email the data subject whose profile is published (b) allow them to remove or correct or make private the data published. Of course we still need to make sites not based in the EU take notice of EU law. Eventually, what we desperately need is a technical fix, namely better multiple identity control - roll on the research into distributed identity management.
Monday, February 11, 2008
Just to document the press's continuing fascination that people are indeed monitoring Facebook, Bebo etc, and that despite this, other people are still stupid enough to leave confidential information there, this piece from the Indy ...
"Just ask the 27 workers at the Automobile Club of Southern California fired for messages about colleagues on their MySpace sites; the Florida sheriff's deputy whose MySpace page revealed his heavy drinking and fascination with female breasts – and swiftly found himself handing in his badge; the Argos worker in Wokingham fired for saying on Facebook that working at the firm was "shit"; the Las Vegas teacher at a Catholic school fired after he declared himself gay on his MySpace page; the staff of an Ottawa grocery chain fired for their "negative comments" on Facebook; the 19 Northampton police officers investigated for Facebook comments; and Kevin Colvin, an intern at Anglo Irish Bank, who told his employers he had a family emergency, but whose Facebook page revealed he had, in reality, been cavorting in drag at a Hallowe'en party."
However the piece does have a new(ish) point, that worries about social network sites may shift from the obvious paedophiles, stalkers and ID thieves to more "civil" observers:
"That something as ubiquitous as social network sites (they have 13.7 million UK users) are exploited by paedophiles and other serious criminals is not surprising. Happily, the numbers affected are small. But the use of personal page content in civil disputes, divorces, employment and legal actions will affect far more of the millions now innocently sharing their thoughts and intimate moments with the online world. "
Pangloss is, as usual, almost finished an article on all this :) Send donations of spare time to allow her to complete it!!
PS while we're at it, two interesting recent comments on the ongoing Facebook/Scrabulous affair - Jonathan Zittrain here and the irrepressible Daithi Mac Sithigh here.
Tuesday, January 22, 2008
IP Addresses are Personal Data - official
Brief but important note, via the Associated Press: the EU Art 29 Working Party group working on privacy, DP and Internet search engines (notably Google) has issued an early press release.
"Germany's data protection commissioner, Peter Scharr, leads the EU group preparing a report on how well the privacy policies of Internet search engines operated by Google Inc., Yahoo Inc., Microsoft Corp. and others comply with EU privacy law.
He told a European Parliament hearing on online data protection that when someone is identified by an IP, or Internet protocol, address "then it has to be regarded as personal data." "
Some may think this an obvious conclusion, but in fact a report on Personal Data commissioned by the UK ICO office a year or two back (and very sadly, no longer available on the ICO site) revealed considerable disparity on this across Europe; in many cases whether an IP address was regarded as "identifying" depended on context, in the view of various Information Commissioners.
The significance is crucial; if IP addresses are personal data, then services which collect IP addresses but not actual names - as Google does when it collects search terms typed in by users from IP addresses - are still regulated by DP law.
Google's privacy chief Peter Fleischer has previously insisted IP addresses should only be seen as personal data if it is likely that a person can be identified from an IP address. (Despite this, Google recently caved in to EU pressure and reduced the duration of Google cookies from 30 years to 2 years.) He may now have to think again, at least in Europe. This should be no surprise however, as, as Fleischer himself admits, the Art 29 Working Party gave the answer as far back as 2002, that if an IP address can be connected to a person (eg by the person's ISP), then it should be seen as personal data for all purposes, including use by other companies.
The UK's current law, by the way, is in Pangloss's opinion rather nearer to Fleischer's interpretation than to Scharr's - see s 1 of the DPA 1998. So bad news may be coming not only for Google but for UK drafters and advisers.
Wednesday, September 05, 2007
Facebook and privacy returns
Facebook are opening up their site to being Google-searchable. Hark! I hear a million privacy activists screaming.
But wait - they're actually doing it RIGHT.
a. They're only allowing name and profile pictures to appear in search results - not all the rest which tends to include highly personal material.
b. everyone appears to be getting prominent notice IN ADVANCE that they can opt out of their info being released onto Google
c. most impressively, if like me (and I imagine rather rarely) you'd already opted to "hide" on Facebook, ie, not be searchable by name in their listing, you are automatically opted out of the Google release.
This appeared at the top of my FB profile this morning:
"Facebook now enables anyone to search for Facebook users who have public search listings from our Welcome page. In a few weeks we will allow users to make these public search listings visible to search engines like Google. Public Search Listings only include names and profile pictures.
Because you have restricted your search privacy settings your public search listing will not be shown. If you want friends who are not yet on Facebook to be able to search for you by name, you can change your settings on the Search Privacy page.
No privacy rules are changing; if you do choose to make this public search listing available, anyone who discovers your public search listing must sign up and login to contact you via Facebook. "
This strikes me as for once a good example of how privacy on line in web 2.0 ought to be handled - congrats to FB.
You could argue that a site like FB should not open itself to Google at all (in the interests of default privacy, etc etc) but the fact is that sites like Spock.com are already beginning to scrape social networking sites like FB and make the data they contain searchable with no user opt-out or notice, and dubious supervision - so this at least pre-empts such attention, and gives the user some control.
It's also interesting that this is a case of the market dovetailing with privacy-enhancing code. FB WANT you to sign up for FB and go to their site to read that highly personal stuff - not read it on Google away from their adverts and apps (or on Spock.com).
LiveJournal, by comparison, an open source blogging site normally regarded as fairly privacy conscious, don't care (much) about ads (they make money from paid subs and are run by volunteers), so they also don't stop you allowing spiders to grab your whole blog. User choice prevails and as we all know by now, user choice when the default is no privacy, usually means disclosure by inertia. (You can opt out of spiders on LJ too, of course - but the option is distinctly not that obvious.)
Thursday, June 14, 2007
Google Pot Shots
As has been true for some time, it seems to be open season on Google. With great innovation, comes great.. um.. legal liability? Here's a very quick round up..
OUT-LAW restrainedly report "Google's Street View could be unlawful in Europe".
"Well, you can't say fairer than that" said an unnamed source at Google..
The question here seems to be whether you view Google Street View as more like looking at the world with your own eyes, say from the top of a double decker bus (unconditionally legal) or as more like CCTV (regulated, at least in the EU, by DP law, and also by some case law of the ECHR, such as Peck). As OUT-LAW note, if the latter paradigm is applied, then Google need to give adequate notice that surveillance is in operation to anyone who might be caught on Street View and identifiable as a living person. Will we see 40 feet high billboards over London announcing "You are now on Google Maps. Be very afraid."? It reminds Pangloss of the old suggestion that London streets should be painted with the squares of the London A-Z for easy navigation.. One way out of this, not identified by the otherwise excellent Struan Robertson, is the Durant v FSA get-out - it might be argued that no particular person is the focus of the attention of Google Street View and therefore no particular person has DP rights. Of course, Durant may not last forever:-)
More seriously, Google's privacy practice is apparently worse than Microsoft's. Yes, really Jemima - at least according to the much respected Privacy International, who surveyed a variety of Internet businesses. Results:
Privacy-friendly and privacy-enhancing: Nobody...
Generally privacy-aware: BBC, eBay, last.fm, LiveJournal, Wikipedia
Notable lapses of privacy: Amazon, Bebo, Friendster, LinkedIn, MySpace, Skype
Serious Lapses: Microsoft, Orkut, Xanga, YouTube
Substantial Threat to privacy: AOL, Apple, Facebook, Hi5, Reunion.com, Windows LiveSpaces, Yahoo
Hostile to privacy, comprehensive consumer surveillance: Google
Not everyone is convinced - see rebuttal at http://searchengineland.com/070610-100246.php .
(With thanks to Pete Fenelon for tip off.)