Feeds

Google's proposed global privacy standard slammed

Too vague and weak: privacy expert

Next gen security for virtualised datacentres

The set of rules which Google proposed as the foundation for a global privacy standard are inadequate, a privacy law expert has said. The rules are not specific enough to operate as a global standard, said the expert.

Last month Google's Global Privacy Counsel Peter Fleischer endorsed the Privacy Framework (pdf) published by the Asia-Pacific Economic Community (APEC) in 2005, describing it as "the most promising foundation on which to build".`

"Surely, if privacy principles can be agreed upon within the 21 APEC member economies, a similar set of principles could be applied on a global scale," wrote Peter Fleischer in the search giant's Public Policy Blog.

But privacy expert Dr Chris Pounder of Pinsent Masons, the law firm behind OUT-LAW.COM, has analysed the APEC rules and found that they are not only significantly more lax than those in operation in Europe, they are so broadly defined that they cannot operate as a standard at all.

"The framework's principles were drafted in order to get agreements between diplomats – and diplomatic agreements tend to fudge important issues," wrote Dr Pounder in his analysis. "The result is that the principles are ambiguous as to their effect and are capable of a vast number of interpretations and implementations."

That ambiguity means that even on its own terms, as a proposed basis for harmonising the privacy laws of a large number of countries, the guidelines fail because they allow too much room for countries to differ, said Pounder.

There are also specific problems with the rules, according to Pounder. "There is a requirement to establish an enforcement mechanism, but this can be very low key," he wrote. He also notes that there is no requirement to establish a Privacy Commissioner to oversee compliance.

European privacy laws say a person must be told that their data is being collected at the point of that collection. The APEC rules are more lax, though, and even allow for notice to be given after data has been collected.

"The procedures that deliver a data subject with a notice could become separate from procedures that collect personal data from a data subject," argued Pounder.

While stricter data protection regimes ban the use of collected data for purposes other than those for which it was gathered, the APEC rules allow data to be shared for "compatible or related purposes", which Pounder said gave collectors of data more room to share data.

The essential guide to IT transformation

More from The Register

next story
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
EU justice chief blasts Google on 'right to be forgotten'
Don't pretend it's a freedom of speech issue – interim commish
Detroit losing MILLIONS because it buys CHEAP BATTERIES – report
Man at hardware store was right: name brands DO last longer
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
This'll end well: US govt says car-to-car jibber-jabber will SAVE lives
Department of Transportation starts cogs turning for another wireless comms standard
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.