Reports are emerging that Google is in fresh trouble with UK regulators on its privacy policies. TheNextWeb notes that:
In particular, we believe that the updated policy does not provide sufficient information to enable UK users of Google’s services to understand how their data will be used across all of the company’s products.
The watchdog confirmed to TechCrunch its three main areas of concern — namely that Google needs to provide more information about how it processes users’ personal data; that Google needs to inform users specifically what their personal data is being used for so they fully understand the implications of using Google’s services; and that it must inform users when their personal data is being retained in a way they might not expect.
An old problem coming home to roost
In case you're wondering if this is a new topic given fresh impetus by the PRISM revelations and Google's part in that saga, you'd be wrong. Back in 2008 (yes - more than five years ago), I wrote in a piece entitled Google's obfuscation on privacy:
Even further back, in 2007 - almost six years ago - I wrote a piece entitled Google's inconsistent service policies where I outlined some of the many ways in which Google's policies are inconsistent with one another. If you peruse the links you'll see that nobody cared. At the time, I frequently found myself on the wrong end of the wrath of analysts who were insistent that whatever the problems, it didn't matter.
I never subscribed to that point of view, preferring to see it as a mark of arrogance that any one company should see fit to play fast and loose with our privacy.
Those who defend this position point to the many good things that Google gives us. All of that is true and I am genuiney grateful that Google has done so much to open up the world to so many people and created disruptive technologies like GMail. But...in light of recent revelations, the UK position is easy to understand. Still others sneer at what they see as Europe's retarded position on this topic. I wonder if those same voices are so vocal today.
These problems were echoed at the recent Cloud World Forum where Cloud Industry Forum rep Jessica Barry noted that (among other things) attendees were asking:
“This [cloud service provider] CSP claims to only hold data in the EU, but the EU has over 25 states – which one has my customer information?”
“Does the CSP have support staff in the UK or will they be accessing my system and data from other countries?”
Why doesn't Google comply?
To date, Google has done very little to put its house in order. Back in 2008, it point blank refused to comply with US requests. Why? Those who take on giants like Google cannot make a serious dent in Google's financial war chest. In 2011, France slapped Google with a fine of what was then a record of €100,000 ($140,000.) If Google doesn't comply with UK law then the worst case scenario is another slap - this time it would be £500,000 ($750,000).
These are drops in the ocean from Google's perspective. In order to bring the company to heel, multiple countries would have to impose sanctions running billions of dollars to make Google sit up and take notice.
What Google may not realize is that by continuing with sloppy policies, it hurts everyone. There is plenty of demand for cloud services of the kind Google anchors. But if fresh services exploit say - Google Maps - then are they compliant? Could an otherwise perfectly decent service find itself running foul of compliance and regulatory difficulties? If so then everyone loses as the pace of innovation stalls.
Others are taking notice of the hardening EU position and realizing that the incremental cost of setting up in Europe is far outweighed by the potential loss of business. Salesforce.com plans to open a new data center in Germany. NetSuite is considering a similar move. Amazon has established a data center in Ireland. SAP has data center facilities in Germany.
Image credit: Den Howlett at ZDNet
Featured image credit: © Minerva Studio - Fotolia.com