One aspect of the guidelines that could be highly relevant to search engine companies such as Google is the fact that there are no rules about data retention. The guidelines do not mandate the deletion of data after it has stopped being useful, or after a certain time.
Google has been mired in controversy this year, as have all the major search engines, over its policies of keeping information that can be used to connect particular searches with particular individuals for a period of time.
European data protection officials have said even Google's concession that it will delete that information after 18 months does not go far enough, and the company has faced criticism from a number of European data protection authorities.
In all, Pounder said, the APEC guidelines are not specific enough to provide a solid basis for worldwide data protection.
"If this clarity or detail fails to materialise, then the APEC Privacy Framework might still become a global standard. However, it will be a standard that is at risk of describing a global privacy fig leaf, and one which has, in the long term, the potential to undermine the international transfer of personal data between APEC's economies, if data subjects lose trust in the protection it affords.
"The Privacy Framework is an important step forward – however, acknowledging that some countries are making a step forward, has to be accompanied with the recognition that the Framework could allow the taking of steps in the opposite direction."
In a separate development, an international grouping of data protection authorities has agreed to participate in the creation of another global privacy standard. The body has resolved to lend its support to standards being developed by the International Organisation for Standardisation (ISO).
"While the development of privacy-related standards under the auspices of a security-oriented group is not an ideal solution for the data protection and privacy community, it is the structure that ISO has adopted, at least for the time being," said a statement from the International Conference of Data Protection and Privacy Commissioners.
"Responding to this approach from the standards community by becoming more actively involved in the standards development process is an essential step in order to ensure the development of privacy-respecting standards."
The proposal for more active involvement was made by Canada's Privacy Commissioner and backed by data protection authorities from Belgium, Berlin, Ontario, Spain and Switzerland.
Copyright © 2007, OUT-LAW.com
OUT-LAW.COM is part of international law firm Pinsent Masons.
Who gets to decide these things?
It is unfortunate that the fate of privacy rights laying in the balance will be determined by large corporate lobbyists instead of the public who are most affected.
One might say it's Google's data, it collected it from it's own (and affiliate) websites. Any of us would expect to be able to do as we please with our server logs. I would say this is OK until it gets to the point where Google is ubiquitous and unavoidable, then there is a real public stake involved because people don't have the choice to "just avoid google".
Mercedes proposed fuel economy standard
It's like Mercedes proposing a fuel economy 'standard' as though MORE fuel economy isn't BETTER fuel economy.
This Google guy has persistently excused their privacy policies rather than seek to improve them. He's not there to make Google a better keeper of secrets, he's there to lower the world's standard to just below whatever level Google is delivering.
Does not compute
'Google' plus 'privacy'? It doesn't add up.