Online privacy has become increasingly important in the last few years, especially with the rise in use of social network sites.As these sites become increasingly popular, users' ability to control their personal information has become more important. The social network service – Google Buzz – for example, createdscores of customer complaints when it was first launched in 2010.
The US consumer regulator – the Federal Trade Commission (FTC) – has recently announced that Google misused its users' personal data when it launched its Google Buzz service.
'Google Buzz' has been seen by many as the biggest mistake the search engine has ever made. A response to Twitter, the social networking service faced problems from the moment it was launched, because it automatically published Gmail users' activities via the Buzz 'auto-follow' feature.Although Google has made numerous apologies ever since the launch, it has paid dearly, both in reputation and in the courts, for not taking its users' privacy seriously enough.
The FTC charged Google for breaching the Safe Harbor agreement, which is an agreement between the European Commission and the US Department of Commerce that permits personal data to be transferred from Europe to the US only if EU standards of data protection are met.
Google misused personal data even though its privacy policy confirmed it would ask Gmail users' permission if it used their personal data for an alternative purpose. It failed to tell users that their email contacts would be shared if they signed up to Buzz. Users then were not able to fully opt out of Buzz even though Google gave them the impression they would be able to.
Google, in a bid to settle the case with FTC, has made big promises.Not only will it do privacy audits every two years for 20 years, but it has also promised that it will be upfront about the way it deals with personal data and, most importantly, will get explicit consent from users before sharing their data with other businesses.
In an attempt to prevent further privacy breaches such as the Google Buzz fiasco, the EU Justice Commissioner, Viviane Reding, in her speech last month (http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/11/183) announced that data protection laws will be modernised in order to enhance "individuals' control over their own data". According to Reding, people's rights need to be built on four pillars: the 'right to be forgotten'; 'transparency'; 'privacy by default'; and 'protection regardless of data location'.
Reding believes that consumers must give explicit consent if their data is being used for an alternative purpose; that irrelevant data must not be collected through software applications; and that EU users, regardless of location, must abide by EU data protection laws. The legislative proposals will be introduced this summer.
© Thorntons Law LLP
18 April 2011
Claire Shepherd