Google Won't Pause New Privacy Policy - Should They Have To?

google-services-plus-youQuestions over Google’s new privacy policy continue despite their best efforts to quell fears. In a lengthy response to EU regulators who had asked Google to hold off on implementing the new policy, they make clear the policy will take effect March 1, as planned.

In the letter to Article 29 Working Party chairman Jacob Kohnstamm, Google’s Global Privacy Counsel Peter Fleischer notes they have not changed their approach to privacy and that they “met with many of your counterparts in other countries in the weeks before we announced the change.”

Should Google Bow to EU Pressure to Pause the New Privacy Policy Launch?

“As you will know, we had extensively pre-briefed data protection authorities across the EU prior to the launch of our notification to users on 24 January 2012," Fleischer wrote further on in the letter. "At no stage did any EU regulator suggest that any sort of pause would be appropriate.”

Fair enough, no? The problem we seem to see over and over with privacy and other Internet-related concerns (which we also witnessed throughout the SOPA protest) is that it takes the scrutiny and evaluation of proposed legislation or policy by the public themselves to surface many of these concerns.

Should a period of public consultation be a requirement for changes of a certain nature when made by a public company, or when those changes affect issues like privacy? Are lawmakers and regulators just not asking the right questions? It’s impossible to tell from the sidelines, but it is clear that lately, there seems to be another proposed act, law, or policy causing grief in the news almost every week.

U.S. Congress Still Has Concerns After Closed-Door Meeting

One concern in particular, data deletion and the lack of clarity surrounding just how and when purging happens, has members of U.S. Congress demanding a better explanation.

On January 30, Google responded to a letter from eight members of Congress. One of the issues addressed in their response was whether users can opt out of the new privacy policy. Let’s be completely realistic, people; where else do you get to simply opt out of a privacy policy? It doesn’t happen.

As somewhat of a privacy advocate, even I think it’s unreasonable to expect any company to operate on two separate sets of rules to accommodate users. Google did confirm that opting out is not going to be a possibility for people who want to use their services.

Google points out that users can use many services, such as Search, Maps, and YouTube, without signing in. Privacy controls include turning off search history, switching Gmail chat to “off the record,” using Incognito mode in Chrome, etc.

Yesterday, Google’s deputy general counsel Mike Yang and public policy director Pablo Chavez attended a closed-door meeting with ten U.S. representatives. Rep. Mary Bono Mack, R- Calif., arranged the briefing, telling USA Today that Google’s March 1 launch date for the new policy doesn’t leave time for a full public hearing.

One of Bono Mack’s chief complaints is a somewhat convoluted theory that cross-profile data tracking is a violation of HIPPA because someone might search for "cervical cancer" and forget to sign out afterward – an argument that just doesn’t seem to have legs.

The Data Retention Question is Bigger Than Google

Rep. Joe Barton, R-Tex., told USA Today, “I asked specifically about Google's deletion policy and got some disturbing answers. I may hit delete, but that doesn't mean the material goes away immediately. It was obvious to me, as I left the room, that this company has established this policy so instead of the consumer being the master of the Internet, Google is the master of the consumer. I think that is just wrong."

Data retention is an internationally volatile issue. In the U.S., two mandatory data retention bills were shot down in 2009, while the controversial H.R. 1981 has made its way back onto the calendar.

If you cancel your Facebook account and log in again a year later, your profile will reactivate. Congress are asking important questions of Google, but I have one for Congress: what would you like Google to do as far as data retention and purging and why aren’t they required to take that specific action by law?

If there is a mandatory data purging timeline companies like Google and Facebook should adhere to, I bet you they would... because they would have to. Seems to me that if lawmakers had been as busy putting guidelines in place to protect users as they were trying to protect MPAA and RIAA profits with SOPA, Google would have clear cut data retention and purging guidelines to follow.

So is it fair now for lawmakers to ask that Google “pause” rolling out a feature that has already been announced when the questions underlying concerns aren’t exactly new, have in fact been around for a while, and have gone largely unaddressed by lawmakers?

Your guess is as good as mine. It doesn’t seem unreasonable, though, that if Congress has something specific in mind, they simply ask Google to do it, whether that is a a complete purge of all data after six months, twelve months, eighteen months, etc. If they refuse, put a law in place requiring it.

Of course, if Congress truly feels this way about data retention and the duty to purge for the sake of the user, they may need to stop entertaining bills that promote keeping data even longer, like H.R. 1981. Can’t have it both ways.