Google’s admission that it breached its own privacy policies when signing up Gmail users to its Buzz social network couldn’t have been better timed for UK communications minister Ed Vaizey, who just days earlier had issued a rallying call to Europe and the US for a combined effort on e-privacy.
The search giant settled a complaint by the US Federal Trade Commission over the Buzz debacle, which included breaching a voluntary safe harbor agreement covering the use of personal data from European citizens in the US.
That framework is jointly managed by the US Department of Commerce and European Commission, and is an example of the type of collaboration Vaizey believes is essential for the future safety of citizens online as the EC considers changes to its decade-old Data Protection Directive.
Vaizey told a CBI e-privacy forum in London that the EC and US are already examining current rules for online data protection, which presents a unique opportunity to develop cohesive policy between the two.
“For the sake of web users and businesses, we need a unified and consistent approach to online privacy that crosses borders,” Vaizey notes. “Creating an international standard for online privacy will ensure businesses compete on a level playing field, while web users enjoy the same protections wherever a website is based.”
The US “consumer privacy bill of rights,” will be similar to existing European data protection rules and e-Privacy directive, which is currently under review with results due late May.
However, the UK minister is painfully aware of the mountain that must be climbed to implement a cohesive policy across borders. The latest e-Privacy directive, for example, changes the way cookies are implemented in web browsers to give consumers more control over whether to accept the short scripts that record their preferences on websites.
“It’s a good example of a well-meaning regulation that will be very difficult to make work in practice. If we get the implementation wrong, it will seriously hamper the smooth running of the internet, and it’s therefore a provision that should concern the consumer as well,” Vaizey states.
The minister also called for the telecoms industry to adopt a self-regulating approach to online privacy.
“I am not a big fan of regulation,” he said, explaining. “When Government steps into the fast moving world of technology we risk creating more problems than we can solve. If industry can bring in its own measures to reassure customers – such as clear guidelines in plain English and greater transparency – not only will they win customers, they will avoid regulation.”
Vaizey’s goal makes sense in theory, but the Google Buzz case calls into question how practical it is. After all, the FTC's main argument is that Google breached its own privacy policy. If we judge all firms by the same measure, the dream of self-regulation seems a long way off.