Feeds

How Google lost the trust of Europe’s data protection authorities

The days of teensy fines may be over for Mountain View

Security for virtualized datacentres

Opinion Over the last two years, various European data protection commissioners have taken action against Google. Hardly a month goes by without something being reported: a €145,000 (£121,000, $189,000) StreetView fine here or a court case about jurisdiction there.

So it is important to understand: “Why is Google on the receiving end all this enforcement action?” Why now, and not five years ago? What has changed?

From Europe’s data protection commissioners' perspective, there is a collective recognition that Google has given them the equivalent of the two fingers. Despite a lack of powers and resources, (and even though, for example, a maximum fine of £500,000 is a pinprick to an organisation whose profits are running at more than £8bn per year), the commissioners have collectively concluded that not to take action is not an option.

From Google’s perspective, I don’t know whether it is “carelessness” or “arrogance” or a combination of the two. “Carelessness” because data protection regulators generally try to reach some kind of compromise; so why can’t Google compromise? “Arrogance” because Google might have taken the view that it is such a rich, powerful and profitable multinational that it can process personal data despite the concerns of national data protection regulators (and if there is a dispute, tie them down in court processes that wipe out their legal budget).

'Faustian pact' and increasing surveillance

Five years ago, there was an acceptance by most internet users that the free access to services offered by Google involved an undeclared "Faustian pact". The user received the services for free and in return Google captured some data that assists something called “behavioural advertising”.

At that time, the user did not care much because - what the heck - the internet experience was really valuable and of course, the internet got better by the day. The pact was sustained in the knowledge that free access to the internet was (and still is) the main delivery vehicle for uncensored information into authoritarian regimes.

Of course, at that time also, there were a collection of “privacy nutters” bleating on the side-lines, identifying a host of hypothetical or far-fetched problems. For instance, the StreetView images of anonymous individuals (but identifiable to those who know that individual) entering a sex shop or, more recently, receiving a hand-job in the back streets of Manchester. I guess that such images caused more general amusement than concerns over individual privacy – after all the user was not looking at himself or herself.

However, over time, there has been dawning realisation that Google’s surveillance does indeed focus on each and every user; Google follows surfers around the net, wherever they go, whether they are logged into a Google service or not.

As Google’s “free” services expanded and the internet developed, this pact resulted in an unrestrained collection of more data about its users. This in turn resulted in a virtuous (or vicious) spiral; a booming business that needs more and more user data to guarantee higher and higher revenues from advertising.

That is why Google’s mission statement is all about data collection: it states that “Google’s mission is to organise the world’s information and make it universally accessible and useful”. Want a “scary version” of this statement? Just place the word “personal” before the word “information” and ask “accessible by whom?” or “useful for what?”.

It is no surprise that Google’s vast personal data collections are acting as a magnet for other forms of surveillance activity. That is why Governments want access to how the public uses the Internet so that law enforcement can obtain IP addresses and details of browsing habits. The collection and subsequent retention of such personal data concerns all users irrespective of whether or not there are grounds for suspicion for its retention.

The privacy issue here can be simply expressed: the grounds for suspicion about an individual user do not arise before the time of collection of IP addresses etc. Such grounds are found afterwards when the authorities, in some back office and at some time in the future, try to find a “wrong-un”. If a profiling algorithm is used, then any suspicion is likely to be based on a pre-programmed set of assumptions. In this way, the data that Google (and others) collect turns every user into a potential suspect.

Secure remote control for conventional and virtual desktops

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Special pleading against mass surveillance won't help anyone
Protecting journalists alone won't protect their sources
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Apple's iPhone 6 first-day sales are MEANINGLESS, mutters analyst
Big weekend queues only represent fruity firm's supply
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Bill Gates, drugs and the internet: Top 10 Larry Ellison quotes
'I certainly never expected to become rich ... this is surreal'
Big Content Australia just blew a big hole in its credibility
AHEDA's research on average content prices did not expose methodology, so appears less than rigourous
EMC, HP blockbuster 'merger' shocker comes a cropper
Stand down, FTC... you can put your feet up for a bit
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.