Marking 20 years
of bold journalism,
reader supported.
Mediacheck
Science + Tech

Your Privacy Ends at the Border

But the Google Buzz slam by 10 governments may signal a new day of global privacy protection.

Michael Geist 27 Apr 2010TheTyee.ca

Michael Geist, whose column on digital policy and law runs every Tuesday on The Tyee, holds the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa, Faculty of Law. He can reached at [email protected] or online at www.michaelgeist.ca.

image atom
Back off Google: Canadian Privacy Commissioner Jennifer Stoddart.

Last week the talk of the privacy world was news that 10 privacy and data protection commissioners -- led by Canadian Privacy Commissioner Jennifer Stoddart -- had released a public letter to Google CEO Eric Schmidt, expressing concern that the Internet giant was forgetting its privacy responsibilities.

The letter, also signed by the heads of privacy agencies from France, Germany, Ireland, Israel, Italy, the Netherlands, New Zealand, Spain and the United Kingdom, focused on the recent introduction of Google Buzz, a service that offered new social media capabilities. It attracted the wrath of users and privacy advocates after Google automatically assigned users a network of "followers" from among people with whom they corresponded most often on Gmail.

Google quickly altered the offending features, but the damage was clearly done, as privacy commissioners from around the world used the incident as the basis for a shot across the company’s bow.

Stoddart's role in the letter is instructive. Fresh off last year's successful showdown with Facebook, in which the popular social media site agreed to alter some of its policies for its more than 400 million users based on a single Canadian complaint, her office has jumped on the technology bandwagon, actively blogging, twittering, and engaging on Internet related issues.

Bring in the regulators?

Business reaction to the letter was decidedly mixed, however. Some argued that it foreshadowed potential regulatory action against Google and other major Internet companies. Others were more skeptical, noting that a closer reading of the letter revealed that the commissioners had few specific complaints remaining about Google Buzz, given the changes implemented by the company weeks earlier. Moreover, when asked about the status of the case, Stoddart admitted that there had not been a formal investigation into the matter.

As experts debated the importance of the letter, the longer-term impact may come not from specific actions against a company such as Google (there does not appear to be much likelihood of imminent action) but rather from the realization that the joint effort may represent a major step toward the globalization of privacy enforcement.

The difficulties associated with cross-border privacy enforcement has long been viewed as a particularly thorny issue in a world where data moves effortlessly across borders and private companies retain massive databases containing a myriad of personal information.

The European Union has attempted to address the issue by establishing restrictions on the export of data, requiring that data transfers be limited to those countries with "adequate" privacy protections. Canada has adopted a different approach, eschewing restrictions on data exports but holding organizations accountable for the data they collect, regardless of its location.

A new international layer of enforcement

Despite efforts to assure the public that these regulatory systems offered effective privacy protections, the reality has been that privacy rules are purely domestic creatures that end at the border. Indeed, only a few years ago, Stoddart's office maintained that it could not even investigate a case involving a foreign-based company.

The joint letter signals a new approach to privacy enforcement, one based on greater cooperation and mutual recognition of common privacy principles. While the specifics of privacy laws may vary, the underlying principles are remarkably similar across jurisdictions. As privacy and data protection commissioners work together on issues with a global impact, they create a new layer of enforcement that could lead to joint investigations and parallel enforcement actions.

After years of grappling with the challenges of borderless privacy concerns in a bordered world, that is a development worth buzzing about.  [Tyee]

Read more: Science + Tech

  • Share:

Facts matter. Get The Tyee's in-depth journalism delivered to your inbox for free

Tyee Commenting Guidelines

Comments that violate guidelines risk being deleted, and violations may result in a temporary or permanent user ban. Maintain the spirit of good conversation to stay in the discussion.
*Please note The Tyee is not a forum for spreading misinformation about COVID-19, denying its existence or minimizing its risk to public health.

Do:

  • Be thoughtful about how your words may affect the communities you are addressing. Language matters
  • Challenge arguments, not commenters
  • Flag trolls and guideline violations
  • Treat all with respect and curiosity, learn from differences of opinion
  • Verify facts, debunk rumours, point out logical fallacies
  • Add context and background
  • Note typos and reporting blind spots
  • Stay on topic

Do not:

  • Use sexist, classist, racist, homophobic or transphobic language
  • Ridicule, misgender, bully, threaten, name call, troll or wish harm on others
  • Personally attack authors or contributors
  • Spread misinformation or perpetuate conspiracies
  • Libel, defame or publish falsehoods
  • Attempt to guess other commenters’ real-life identities
  • Post links without providing context

LATEST STORIES

The Barometer

Do You Think Naheed Nenshi Will Win the Alberta NDP Leadership Race?

Take this week's poll