A globally-effective privacy regime is a realistic goal, argues Ian Brown. But it needs giants like Google to get behind it.
Eric Schmidt has not been having a good week. Google’s executive chairman has received dressings down from Britain’s deputy prime minister, Nick Clegg, and Labour party leader Ed Miliband over the company’s complicated tax affairs. The prime minister has made unsubtle attacks on “the scourge of tax evasion and aggressive tax avoidance”. Clegg observed that “we have got these new corporate Goliaths that operate in this disembodied way, particularly in the digital sector, who quite unsurprisingly think they can exploit the best deal for themselves in the cracks and crevices between the national tax systems.”
These criticisms have an obvious connection with the slower-burning controversy over Google’s treatment of personal data. Last year the company had to pay a record $22.5m penalty after violating a privacy settlement with the US Federal Trade Commission. In Europe, Google is facing coordinated action by six national data protection authorities after ignoring their recommendations on bringing its privacy policy in line with European law. Undaunted, Google’s privacy counsel Peter Fleischer shot back that updates strengthening this law were a “glory of fantasy… an obsolete chivalric code” that will leave US companies as the “big winners”.
Yet just last month, in his new book The New Digital Age, Schmidt acknowledged that new technologies could “strip citizens of much of their control over their personal information in virtual space”, and called for an internet “delete button”. Aside from the small issue of corporate profits, what is it that stops the company applying its engineering genius to technologies that would meaningfully protect user privacy in the way it has so effectively promoted online freedom of expression? And why is the company part of the stampede in Brussels to water down the new Data Protection Regulation?
Google has built some small-scale tools, such as Dashboard, which show (some of) the data the company holds on users. These tools, however, have limited privacy impact compared to the vast scale of data collection Google is undertaking on users’ searching, web browsing, video surfing, GMail, Calendars, photos, and other day-to-day activities online. Android phones add a wealth of data on location. Google Glass can drag everyone their owners encounter into the Google Cloud. It is not fantastical for Schmidt to predict that his company will soon know users (and perhaps their family and friends) better than they know themselves.
People have been announcing the death of privacy since the earliest days of the World Wide Web, but do societies have any ability to protect this right in the face of such a juggernaut of tracking and profiling technology? Or is it that “criticisms are inevitably from people who are afraid of change or who have not figured out that there will be an adaptation of society to it”? (Schmidt again.)
Companies like Google can do a better job on privacy if they wish. They could support “privacy by design” in their products, help people with a “right to be forgotten” online – and support the European Parliament in guaranteeing these protections through the Data Protection Regulation. Despite Fleischer’s criticisms, 62 countries outside the European Union now have privacy laws, so a globally-effective privacy regime is a realistic goal.
On tax, Clegg has thrown down the gauntlet: “I think the worm has turned… There is now a feeling – you can see it America, Germany, the US and France - that people construct a system where there is a level playing field.” It is similarly up to governments and users who value privacy to make sure they don’t let it fall between the “cracks and crevices” of global internet regulation.
Ian Brown is the author (with Chris Marsden) of Regulating Code: Good Governance and Better Regulation in the Information Age.