Feeds

Google's proposed global privacy standard slammed

Too vague and weak: privacy expert

Secure remote control for conventional and virtual desktops

The set of rules which Google proposed as the foundation for a global privacy standard are inadequate, a privacy law expert has said. The rules are not specific enough to operate as a global standard, said the expert.

Last month Google's Global Privacy Counsel Peter Fleischer endorsed the Privacy Framework (pdf) published by the Asia-Pacific Economic Community (APEC) in 2005, describing it as "the most promising foundation on which to build".`

"Surely, if privacy principles can be agreed upon within the 21 APEC member economies, a similar set of principles could be applied on a global scale," wrote Peter Fleischer in the search giant's Public Policy Blog.

But privacy expert Dr Chris Pounder of Pinsent Masons, the law firm behind OUT-LAW.COM, has analysed the APEC rules and found that they are not only significantly more lax than those in operation in Europe, they are so broadly defined that they cannot operate as a standard at all.

"The framework's principles were drafted in order to get agreements between diplomats – and diplomatic agreements tend to fudge important issues," wrote Dr Pounder in his analysis. "The result is that the principles are ambiguous as to their effect and are capable of a vast number of interpretations and implementations."

That ambiguity means that even on its own terms, as a proposed basis for harmonising the privacy laws of a large number of countries, the guidelines fail because they allow too much room for countries to differ, said Pounder.

There are also specific problems with the rules, according to Pounder. "There is a requirement to establish an enforcement mechanism, but this can be very low key," he wrote. He also notes that there is no requirement to establish a Privacy Commissioner to oversee compliance.

European privacy laws say a person must be told that their data is being collected at the point of that collection. The APEC rules are more lax, though, and even allow for notice to be given after data has been collected.

"The procedures that deliver a data subject with a notice could become separate from procedures that collect personal data from a data subject," argued Pounder.

While stricter data protection regimes ban the use of collected data for purposes other than those for which it was gathered, the APEC rules allow data to be shared for "compatible or related purposes", which Pounder said gave collectors of data more room to share data.

Choosing a cloud hosting partner with confidence

More from The Register

next story
Bono apologises for iTunes album dump
Megalomania, generosity and FEAR of irrelevance drove group to Apple deal
HBO shocks US pay TV world: We're down with OTT. Netflix says, 'Gee'
This affects every broadcaster, every cable guy
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
French 'terror law' declares WAR on the INTERNET itself, say digi-rights folks
Liberté, Égalité, Fraternité: Two out of three ain't bad
SCREW YOU, EU: BBC rolls out Right To Remember as Google deletes links
Not even Google can withstand the power of Auntie
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.