Feeds

How Google lost the trust of Europe’s data protection authorities

The days of teensy fines may be over for Mountain View

Build a business case: developing custom apps

Opinion Over the last two years, various European data protection commissioners have taken action against Google. Hardly a month goes by without something being reported: a €145,000 (£121,000, $189,000) StreetView fine here or a court case about jurisdiction there.

So it is important to understand: “Why is Google on the receiving end all this enforcement action?” Why now, and not five years ago? What has changed?

From Europe’s data protection commissioners' perspective, there is a collective recognition that Google has given them the equivalent of the two fingers. Despite a lack of powers and resources, (and even though, for example, a maximum fine of £500,000 is a pinprick to an organisation whose profits are running at more than £8bn per year), the commissioners have collectively concluded that not to take action is not an option.

From Google’s perspective, I don’t know whether it is “carelessness” or “arrogance” or a combination of the two. “Carelessness” because data protection regulators generally try to reach some kind of compromise; so why can’t Google compromise? “Arrogance” because Google might have taken the view that it is such a rich, powerful and profitable multinational that it can process personal data despite the concerns of national data protection regulators (and if there is a dispute, tie them down in court processes that wipe out their legal budget).

'Faustian pact' and increasing surveillance

Five years ago, there was an acceptance by most internet users that the free access to services offered by Google involved an undeclared "Faustian pact". The user received the services for free and in return Google captured some data that assists something called “behavioural advertising”.

At that time, the user did not care much because - what the heck - the internet experience was really valuable and of course, the internet got better by the day. The pact was sustained in the knowledge that free access to the internet was (and still is) the main delivery vehicle for uncensored information into authoritarian regimes.

Of course, at that time also, there were a collection of “privacy nutters” bleating on the side-lines, identifying a host of hypothetical or far-fetched problems. For instance, the StreetView images of anonymous individuals (but identifiable to those who know that individual) entering a sex shop or, more recently, receiving a hand-job in the back streets of Manchester. I guess that such images caused more general amusement than concerns over individual privacy – after all the user was not looking at himself or herself.

However, over time, there has been dawning realisation that Google’s surveillance does indeed focus on each and every user; Google follows surfers around the net, wherever they go, whether they are logged into a Google service or not.

As Google’s “free” services expanded and the internet developed, this pact resulted in an unrestrained collection of more data about its users. This in turn resulted in a virtuous (or vicious) spiral; a booming business that needs more and more user data to guarantee higher and higher revenues from advertising.

That is why Google’s mission statement is all about data collection: it states that “Google’s mission is to organise the world’s information and make it universally accessible and useful”. Want a “scary version” of this statement? Just place the word “personal” before the word “information” and ask “accessible by whom?” or “useful for what?”.

It is no surprise that Google’s vast personal data collections are acting as a magnet for other forms of surveillance activity. That is why Governments want access to how the public uses the Internet so that law enforcement can obtain IP addresses and details of browsing habits. The collection and subsequent retention of such personal data concerns all users irrespective of whether or not there are grounds for suspicion for its retention.

The privacy issue here can be simply expressed: the grounds for suspicion about an individual user do not arise before the time of collection of IP addresses etc. Such grounds are found afterwards when the authorities, in some back office and at some time in the future, try to find a “wrong-un”. If a profiling algorithm is used, then any suspicion is likely to be based on a pre-programmed set of assumptions. In this way, the data that Google (and others) collect turns every user into a potential suspect.

Boost IT visibility and business value

More from The Register

next story
The police are WRONG: Watching YouTube videos is NOT illegal
And our man Corfield is pretty bloody cross about it
China hopes home-grown OS will oust Microsoft
Doesn't much like Apple or Google, either
Super Cali signs a kill-switch, campaigners say it's atrocious
Remote-death button bad news for crooks, protesters – and great news for hackers?
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Fast And Furious 6 cammer thrown in slammer for nearly three years
Man jailed for dodgy cinema recording of Hollywood movie
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Scale data protection with your virtual environment
To scale at the rate of virtualization growth, data protection solutions need to adopt new capabilities and simplify current features.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?