08 Dic EU’s unlikely partner for data privacy review: Google
Ars Technica, By John Timmer, December 7, 2008
The EU is looking into whether its privacy regulations need to be updated to bring them into line with the realities of the modern Internet. The group responsible for this update, the catchily-named Article 29 Data Protection Working Party, has asked a five-person expert group to help inform its efforts. In a surprise move, given past clashes between the EU and Google, an executive from the search giant has been asked for his input. The EU’s privacy regulations date from a 1995 Directive entitled, “on the protection of individuals with regard to the processing of personal data and on the free movement of such data.” Once past the 72 “whereas” clauses, the Directive requires that member states have regulations consistent with a variety of principles. These include access by individuals to the data collected on them, that the data must be kept accurate, and that it only be, “collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes.” Clearly, the technology for handling personal data has made privacy regulations a moving target, so the European Parliament adopted an update in 2002. In addition to tacking on another 49 “whereas” clauses, the document brings in terminology like “traffic data,” “location data,” and “electronic mail” that clearly reflects an intention to keep privacy rules up to date. The focus appears to have been driven by the recognition that service providers collect lots of information on their customers that can help reveal personal information about them. The rules require that this data be anonymized or destroyed once it’s used for any relevant business purposes. In recent years, the focus on data that can be used to track users has shifted to search engines and advertisers. The UK has been debating the use of tracking software by British Telecom, and the EU has been pushing Google to limit its retention of data on users of its search service. The later disagreement has actually involved the same Article 29 Working Party that’s involved in the attempt to update the EU’s privacy laws. That’s why it might be a surprise to see reports that a Google executive has been asked to serve on the expert committee advising the Article 29 Working Party. Peter Fleischer, who acts as Google’s Global Privacy Counsel, is among the five people who will be helping the EU modernize its privacy rules (Fleischer maintains a blog in which he often discusses privacy issues). The IDG News Service is reporting that he will be joined by David Hoffman, who advises Intel on privacy issues, among other things. They will be joined by several European lawyers. The inclusion of Intel, which produces technology that enables other companies to track users, isn’t an obvious choice for this panel, although there’s no doubt that Intel pays attention to technology well beyond its immediate interest in selling processors. But the choice of a Google representative is an actual surprise, considering the somewhat antagonistic relationship the EU and Google have had in the past. That said, the combination could be mutually beneficial. The EU could wind up with a better sense of what Google sees as technologically feasible, while Fleischer could make sure Google is aware of precisely what the EU intends to accomplish with its regulations.