Thread: Google declares open war on Europe’s privacy rights

Google declares open war on Europe’s privacy rights

http://www.privacysurgeon.org/blog/i...rivacy-rights/

Online privacy, Regulatory action



By Simon Davies
The great social commentator Tom Lehrer once observed “Political satire became obsolete when they awarded Henry Kissinger the Nobel Peace Prize.” He was so right. There comes a very disquieting moment in every aspect of our world when satire eventually meshes with reality and the two become indistinguishable. Such is the case right now with Google.

It was bitter, sarcastic, bitchy, accusatory, threatening, childish and – above all – an utter mockery of any claim Google has of holding the high ground on privacy protection.

Yesterday I published a satirical blog about Google’s contempt for privacy regulators – particularly those in Europe. It was composed as the sort of letter that Google would secretly love – but would never dare – to send to these regulators. It was bitter, sarcastic, bitchy, accusatory, threatening, childish and – above all – an utter mockery of any claim Google has of holding the high ground on privacy protection. It was so over the top, I reckoned, that no reasonable person could ever construe it as real. How wrong I was, and how out of touch I can be.
I started receiving worried calls minutes after it was published. First from friends and colleagues who should know me better. Then from a couple of journalists who I thought surely would have instinctively seen the satire. Messages appeared on Facebook debating the letter’s validity, with some correspondents fuming that such a missive should have been sent to Europe.
Hell, of course it was satire. Google would never send a letter claiming that its profits are directly linked to Internet freedoms. Google would never send a letter so blatantly telling regulators to go screw themselves. But still, the queries flooded in as more people perceived the blog as reality.

Hell, of course it was satire. Google would never send a letter claiming that its profits are directly linked to Internet freedoms.

I was finally forced to place a caveat on the blog advising that the letter was not real.
OK, I blew it. Maybe I’m a better satirist than I imagined. Or maybe people are more gullible than I imagined.
Then this morning a colleague pointed me in the direction of the personal blog of Google’s Chief Privacy Counsel, Peter Fleischer. Reading it induced one of those rare Eureka moments for me. Peter’s blog is an an outright declaration of war on EU law. The satire had become reality.
Before I quote from his blog, let me set context by confirming that Peter Fleischer is a scarily talented and intelligent professional who has my admiration as someone who dares to be different and controversial. In another world he may have been a good friend. But years of fighting Google over its countless transgressions on privacy have left battle scars on both of us. When Peter and two other Google executives were convicted in Italy of a criminal offence over a posting on YouTube I felt an overwhelming human emotion of support, but I had to keep in mind that Peter – like all others on the Google ship – was reaping as he had sowed.

Peter’s blog explained why people could no longer distinguish satire from reality with Google.Peter’s blog explained why people could no longer distinguish satire from reality with Google.

Right at the very moment when Europe’s privacy regulators are investigating the company over breaches of privacy law and as the European competition regulator is assessing the company over antitrust issues, he says this: “Re-read Don Quixote as you follow the debate about revising Europe’s privacy laws. Is it more noble to pursue the glory of fantasy over the indignities of the real world? Do we want to defend an obsolete chivalric code, while the rest of the world looks on with derision? Do we want a strong privacy law that can be operationalized or a glorious piece of literature?”
A poetic start. Always ground a vicious attack upon the foundation of literary culture. It is a tactically sound approach. But as Peter becomes more contemporary, he has to abandon the literary buttress:
“American companies are starting to freak and shriek about Europe’s upcoming new privacy laws. In turn, various European politicians are publicly posturing about how all this is required to rein in American companies, while feigning resentment that American companies are lobbying for their interests in Brussels.”

It was your own Foreign Service that threatened a trade war with Europe over the privacy reforms

A controversial view, but… “posturing”? “feigning”? It was the US Foreign Service that recently threatened a trade war with Europe over the privacy reforms. And when our own elected representatives start copy pasting your lobbyists’ advice into Europe’s law an intelligent man like you should surely understand why people are concerned. If that were ever to happen in the US the violators would be seen as traitors to America. The result of all this is a domino fall of campaigns to assert Europe’s rights against the self interest of American entities. I recall the US did the same against UNESCO by denying it funding.
Peter’s argument continues:
“In reality, of course, the new proposed EU laws are full of flaws, in particular imposing lots of pricey new compliance-bureaucracy obligations, and threatening minor compliance violations with absurdly-high fines in the range of 2% of a company’s global turnover.”
I feel this is a little facetious. The FTC has the power to fine to such an overwhelming magnitude that given the number of people affected by recent Google’s transgressions, the agency could have bankrupted the company several times over. Penalties don’t play out that way. Unlike Europe, the FTC blatantly negotiates penalties with the transgressors, and as the recent banking infractions show, US regulators hold aloft economic pragmatism above all other dynamics..

The FTC has the power to fine to such an overwhelming magnitude that given the number of people affected by recent Google’s transgressions, the agency could have bankrupted the company several times over.

Interestingly – and this goes to the heart of my personal admiration for Peter – he adds:
“But let’s not let reality sully this tale. Don Quixote is defending privacy against the American-mega-corporate-privacy-slayers. Don Quixote is defending the Right to be Forgotten.”
Now that isn’t Google policy. Maybe I missed it, but I don’t recall Google ever saying it supported the right to be forgotten.
Let me continue:
“Sadly, things don’t end well for the noble knight, unsettling and unsaid…American companies will come out big winners, compared to their European rivals. European companies face decades of innovation-paralysis under the new rules. American companies will just reorganize and relocate certain operations out of Europe to mitigate risk.”
Peter must have been distracted by a Shakespearean sonnet, or whatever it is that smart cultured people get distracted by. I’m sure if he reflected on this statement for a second he’d recall that the same arguments were hurled against everything from the emancipation of slaves to industrial health and safety and environmental protection. All false claims, as it turned out.
Still, Peter deserves a full hearing, so here is a solid chunk of his reasoning:
“Like many people in the privacy profession, throughout my career, I had always thought it was sensible to apply Europe’s privacy laws worldwide, in the interests of maintaining one, consistent worldwide standard. I’m changing my mind now. As the proposals to revise the privacy laws in Europe become whackier by the day, I am starting to believe that the “world” will have to watch Europe do its own thing in its own backyard, while maintaining a different, faster, more innovative pace in the “rest of world”. Granted, Europe is a market that is just too big to ignore, but that’s no reason why special compliance rules for it should be exported globally. No one applies Chinese censorship rules outside of China, so this would hardly be the first time that companies apply special rules in one particular country/region.”

Ah, a complaint about Europe exporting bad laws worldwide. CALEA anyone? US PATRIOT? National security arrangements? MLAT agreements? Extradition treaties?

Ah, a complaint about Europe exporting bad laws worldwide. CALEA anyone? US PATRIOT? National security arrangements? MLAT agreements? Extradition treaties?
Sorry, I interrupted:
“Europe’s proposed rules will end up costing a lot, if you care about innovation in Europe. I’m a technophile, in the sense of believing that fast innovation is the only hope to maintain high rich-world living standards for our aging Western societies in the future. But I am troubled by how many roadblocks are being put in place to drag down the speed of innovation. Don’t get me wrong: I’m all for serious privacy ethics, for privacy sensitivity, for privacy by design. But I’m not a fan of privacy-bureaucracy-drag. Europe, as one would expect, developed the world’s most extreme form of bureaucracy-drag, when it invented the notion of bureaucratic “prior approval” for new technologies. That means that a new technology is dependent on a bureaucracy’s prior approval before being launched. Or prior approvals for international data transfers (how absurd, in the age of the Internet!). Or prior approvals for binding corporate rules, and a thousand other bureaucratic hills and hurdles. Reality, again, is often a rather dis-spiriting affair.”
Some interesting thoughts, but where do I begin. Well, Germany and the Nordic countries, in particular, have a very high output of innovation while supporting strong data protection and very buoyant economies. And as for prior approval, come on, the US has an equal measure of prior approval to Europe on everything from agricultural machinery to pharmaceuticals. ICT should be no different.
I’ve asked Peter to write a guest blog addressing some of these contradictions. I’ll keep you posted.

Leaked letter establishes Google as the best thing for privacy since the invention of toilet cubicles

http://www.privacysurgeon.org/blog/i...-of-camel-poo/

Online privacy, Privacy policies, Regulatory action


In the wake of yet another scandal involving the misuse of customer data, Google appears to have lost its sanity. Following its attempt to bully the press into toning down coverage of the controversy, EU privacy authorities have vowed to step up their investigation into the company. This leaked letter shows the depth of concern the advertising giant has for European privacy rights.
____________________________________________

Google Inc.
Mountainview CA
United States of America

17th February 2013

Jon Leibowitz,
Chairman, Federal Trade Commission,
Washington DC Joaquín Almunia
European Commissioner for Competition,
Brussels, Belgium Jacob Kohnstamm
Chairman, Article 29 Working Party,
Brussels, Belgium Isabelle Falque-Pierrotin
President
Commission nationale de l’informatique et des libertés,
Paris, France
Dear Jon, Joaquin, Jacob and Isabelle,
Re: Your persecution of Google
As regulators representing the so called “privacy” interests of Europe and the United States you have all chosen to pursue Google over issues ranging from anti-competitive practices to deception, illegal activity and unfairness. So we’ve decided to send you this aggregated response. We reckon that if all data can rightly be aggregated into a policy silo, then all regulators can be rightly aggregated into a regulatory silo. Agreed?

If you think Google’s privacy policy has any bearing on privacy you’re barking up the wrong tree.

Anyway, we’ll get straight to the point. You’ve probably read in the press that apps developers who sell their products through Google Play have received the personal details of everyone who buys those apps. The data is trivial – name, email address, Zip Code – in other words, nothing that the NSA doesn’t already have. But because Google cares about privacy we want to set the record straight before some zealot jumps to the wrong conclusion. It seems quite a few people – including the apps customers – are surprised by this situation. They’ve been running around quoting random bits of the Google privacy policy like “We do not share personal information with companies, organizations and individuals outside of Google”, as if such phrases are in some way relevant.
This is a misguided notion. If you think Google’s privacy policy has any bearing on privacy you’re barking up the wrong tree. Our privacy policy was never meant to tell you what actually happens to your data – its purpose is to remind you what you’d LIKE to happen to your data. In that way our policy is aspirational rather than rational – like marijuana prohibition or the European Data Protection Directive. Google lives in the real world – not in the world of fantasy privacy policies.

European regulators like yourselves pretend to champion high privacy standards, yet you cheerfully allow the US government and us to trample all over your citizens’ privacy.

As we’ve already said, our practice of sharing the personal information of people who buy Android smartphone apps with the developers is an appropriate, longstanding and legal part of our business process. So why is everyone droning on about customer consent? We’re just doing what is necessary for our business interests. Let’s not be hypocritical. European regulators pretend to champion high privacy standards, yet you cheerfully allow the US government and us to trample all over your citizens’ privacy. Enough said.
Anyway, Google believes in the creation of a global family. When we say “We do not share personal information with companies, organizations and individuals outside of Google” we include everyone in the Google family – along with apps developers who we’ve never met. We trust and embrace anyone who will help us make a living. In that way we’re like all governments – and most regulators. We are in fact the embodiment of the European ideal. And the American ideal.
With all due respect, you’re not doing yourself any favours by making such an issue of our occasional scandals. First you persecute us for an innocent mistake made by a lone engineer when we sucked up the communications content from a few million careless WiFi users. Then you complain about some trivial circumvention of the privacy settings in Safari. Now you’re frothing about us broadcasting a few personal details of apps purchasers without consent or notice. This seems to us more like an arcane moral crusade than responsible pro-market guidance. You Europeans should follow the FTC’s example and maybe you’d end up attracting some global leadership in the information industry. Right now we’re afraid you’re looking like the regulatory equivalent of a backwater sheriff from Podunk Louisiana (no disrespect intended to Louisiana).

Right now we’re afraid you’re looking like the regulatory equivalent of a backwater sheriff from Podunk Louisiana

We will explain once again how the latest “scandals” evolved. The WiFi grab was the innocent work of a lone engineer, the Safari workaround was the innocent work of a lone team and the Apps disclosure was the innocent work of a lone Google department. That’s what makes Google great. No matter what the scale, there’s a place in our business model to suit your initiative. At Google we don’t believe in burdening you with restrictive bureaucratic oversight. We lead the world because we don’t play the ball inside the boundaries – we play the ball to WIN inside the boundaries. If the ball goes over the line occasionally, that makes great sport. And it makes a great corporation.
On that note, we should address claims that Google has again breached the 2010 Buzz Consent Decree with the FTC. Our reading is that the consent decree requires us to obtain ‘express, affirmative consent’ from users whenever we changes our privacy disclosure policy.” Well, our policy of invading the privacy of our apps customers has been in place for years, so the Decree doesn’t apply.

Had you not hit us with a $22.5 million fine we wouldn’t even need to monetize data as much as we do to make up for the seven hours of lost profit you imposed on us.

Jon, you got away with slapping us over the Safari breach, but the American public won’t stand for such vandalism a second time. Had you not hit us with a $22.5 million fine we wouldn’t even need to monetize data as much as we do to make up for the seven hours of lost profit you imposed on us. And as for Europe, you are the ones who set the standard for our reaction. Anytime your telco regulators impose a new burdensome restriction on your mobile sector the providers simply add a new cost on their customers to make up for lost profits. That’s how commerce works. You lot in Europe bleat on about “net neutrality” and “digital divide” and “Internet as a fundamental right”. Well you can’t have it both ways. You can’t demand the moon and then dodge the question “Who’s going to pay?”
Well, we’ll tell you who’s going to pay. Google is going to pay. Or, more precisely, the public will pay by putting money into the businesses that put their money into Google. Then Google banks its profits, invests that money in buying up patents and finally allows the banks to divert our savings as loans to struggling startups that – when the bank debt gets too high – we snap up for a bargain.
And we achieve all this without paying the required amount of tax in places like the UK. That means we can make more profit and thus help fundamental human rights even more.
So by attacking us you are damaging the prospects for a safe, fair, accessible and flourishing Internet. We hope you feel smug about that.
Yours sincerely
Eric Schmidt
Executive Chairman
Sergei Brin
Chief Executive Officer
(aggregated)