copyright Katherine Tyrrell
The Google Desktop application indexes and stores versions of your files and other computer activity, such as email, chats, and web history. These versions may also be mixed with your Web search results to produce results pages for you that integrate relevant content from your computer and information from the Web. Your computer's content is not sent to Google without your explicit permission.It also has videos which explain different aspects. The privacy pages had also been revised earlier to make them rather more accessible with rather less "legalese".
According to the New York Times, Google apparently made this change in response to questions and queries.
Some users, bloggers, and regulatory bodies have asked us why we didn’t have a link, and, after evaluating, we decided that it was the right time to add one.Note, in particular, the reference to regulatory bodies. Google doesn't refer to California by name but apparently California has served or was about to serve a compliance order.
Steve Langdon, Google spokesperson
So I took a closer look at the regulatory requirements in the USA.
- The other important requirement relates to Safe Harbor. The U.S. Department of Commerce's safe harbor program is a certification program for commercial traders which has principles relating to Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement.
A safe harbor is a provision of a statute or a regulation that reduces or eliminates a party's liability under the law, on the condition that the party performed its actions in good faith.Again Wikipedia has a notable absence of information about the safe harbor program - that quote and a separate page - an extract from which is quoted below - more or less sums up the information available on wikipedia!
The United States Department of Commerce runs a certification program which it calls Safe Harbor and which aims to harmonize data privacy practices in trading between the United States of America and the stricter privacy controls of the European Union Directive 95/46/EC on the protection of personal data. For more information, see Safe Harbor Principles.
Wikipedia - safe harbor
The government website (see the link at the end) is very long on detail and very short on accessibility! This is the link to the page on the Safe Harbor Privacy Principles.
US companies can opt into the program as long as they adhere to the 7 principles outlined in the Directive. These principles must provide:
- Notice - Individuals must be informed that their data is being collected and about how it will be used.
- Choice - Individuals must have the ability to opt out of the collection and forward transfer of the data to third parties.
- Onward Transfer - Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.
- Security - Reasonable efforts must be made to prevent loss of collected information.
- Data Integrity - Data must be relevant and reliable for the purpose it was collected for.
- Access - Individuals must be able to access information held about them, and correct or delete it if it is inaccurate.
- Enforcement - There must be effective means of enforcing these rules.
Companies must also recertify every 12 months. They can either perform a self-assessment to verify they comply with these principles, or hire a third-party to perform the assessement. There are also requirements for ensuring that appropriate employee training and an effective disupute mechanism is in place.
Wikipedia - Safe Harbor Principles
I then read in another New York Times Bits Blog post Our Paradoxical Attitudes Toward Privacy (2nd July 2008). It covers some recent research work about by Carnegie Mellon behavioral economist George Loewenstein who is the Herbert A. Simon Professor of Economics and Psychology at Carnegie Mellon University in Pittsburgh. Behavious is apparently paradoxical. This seems to suggest:
- personal guards are lowered and we're more likely to give personal data away when we're feeling relaxed. Consequently informal rather than official sites are likely to be more successful at extracting data from us.
- if we're assured that any data we provide will be treated confidentially we're less likely to be honest and provide accurate data
- unprofessional / informal sites are more likely to present a privacy risk
Our privacy principles are wobbly. We are more or less likely to open up depending on who is asking, how they ask and in what context.It occurs to me that maybe the paradox also extends to level of attention given to privacy by sites which ought to be acting responsibly. The more there is a need for website owners to protect personal data, the more likely they are to remain ignorant of their responsibilities. Why on earth has it taken Google this long to put a link to its privacy policies on its front page?
New York Times - quoting research findings
Anyway, as a result of having read the two NY Times articles, the California requirement and the extremely limited information on wikipedia about safe harbor
- Do you think you know enough about privacy and what the law is in different places?
- How do people who buy your art know that you will protect their personal data?
- Are you making any changes to how you deal with privacy on your website and/or blog?
- Does anybody want to participate in a search for good practice examples of privacy policies?
Note: The drawing at the top is one done in the Free Drop In Life Class which is generally run on the first Thursday of each month during term time at the Prince's Drawing School in Shoreditch. The model is the same person. He swopped between poses about every 5-10 minutes for about 25 minutes. The challenge was to get the same person on the same page and to plan the drawing and relationships from the beginning. Try it at home! Life classes for a fee are also run in the evening during term time - and you can sign up for the Autumn Term now.
- Google Public Policy Blog - A privacy link on Google.com
- The Official Google Blog - What comes next in this series? 13, 33, 53, 61, 37, 28...
- California State Legislature - California Online Privacy Protection Act of 2003
- Export.gov - welcome to the Safe Harbor (government website and guidelines - including the Safe Harbor Privacy Principles)
- Wikipedia - safe harbor and safe harbor principles
- Wikipedia - EU Directive 95/46/EC on the protection of personal data,
- New York Times