Feeds

Google's proposed global privacy standard slammed

Too vague and weak: privacy expert

Choosing a cloud hosting partner with confidence

The set of rules which Google proposed as the foundation for a global privacy standard are inadequate, a privacy law expert has said. The rules are not specific enough to operate as a global standard, said the expert.

Last month Google's Global Privacy Counsel Peter Fleischer endorsed the Privacy Framework (pdf) published by the Asia-Pacific Economic Community (APEC) in 2005, describing it as "the most promising foundation on which to build".`

"Surely, if privacy principles can be agreed upon within the 21 APEC member economies, a similar set of principles could be applied on a global scale," wrote Peter Fleischer in the search giant's Public Policy Blog.

But privacy expert Dr Chris Pounder of Pinsent Masons, the law firm behind OUT-LAW.COM, has analysed the APEC rules and found that they are not only significantly more lax than those in operation in Europe, they are so broadly defined that they cannot operate as a standard at all.

"The framework's principles were drafted in order to get agreements between diplomats – and diplomatic agreements tend to fudge important issues," wrote Dr Pounder in his analysis. "The result is that the principles are ambiguous as to their effect and are capable of a vast number of interpretations and implementations."

That ambiguity means that even on its own terms, as a proposed basis for harmonising the privacy laws of a large number of countries, the guidelines fail because they allow too much room for countries to differ, said Pounder.

There are also specific problems with the rules, according to Pounder. "There is a requirement to establish an enforcement mechanism, but this can be very low key," he wrote. He also notes that there is no requirement to establish a Privacy Commissioner to oversee compliance.

European privacy laws say a person must be told that their data is being collected at the point of that collection. The APEC rules are more lax, though, and even allow for notice to be given after data has been collected.

"The procedures that deliver a data subject with a notice could become separate from procedures that collect personal data from a data subject," argued Pounder.

While stricter data protection regimes ban the use of collected data for purposes other than those for which it was gathered, the APEC rules allow data to be shared for "compatible or related purposes", which Pounder said gave collectors of data more room to share data.

Beginner's guide to SSL certificates

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Big Content outs piracy hotbeds: São Paulo, Beijing ... TORONTO?
MPAA calls Canadians a bunch of bootlegging movie thieves
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
Hungary's internet tax cannot be allowed to set a precedent, says EC
More protests planned against giga-tariff for Tuesday evening
US court SHUTS DOWN 'scammers posing as Microsoft, Facebook support staff'
Netizens allegedly duped into paying for bogus tech advice
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.