Here at TLF, our privacy discussions often center around such concepts as expectations of privacy, notice and choice, opt-in/out, and the like. These are all important and legitimate of course, but the privacy issue that seems to make news more than any other is Google Spy-Fi, and the defiant attitude Google has against governments. And this has me worried.
Not that I think governments necessarily need to regulate privacy, or that Google’s data collection from unsecured hotspots was even illegal. I’m thinking much more practically. People are concerned about privacy, governments are investigating Google to see what data it really collected, and Google seems to be cherry-picking the kinds of information it provides to different authorities. And in this defiant game of chicken, it’s the rest of the industry that’s the bacon – and I’m afraid we’re all slowly being fried.
There’s an old adage among practitioners of non-violent resistance that “an eye for an eye” retaliation leaves everyone blind. With yesterday’s news that authorities raided Google’s Korean office and found massive amounts of personal data, I’m wondering when—not if—bad behavior from the industry leader will result in a black eye for all online companies.
Korea’s National Police Agency claims to have found hundreds of thousands of emails, instant messages and other personal data” on Google’s hard drives. This is the latest finding similar to a string of other countries like Germany, Canada, Germany, France and the UK.
If it were all just foreign, that would be one thing. But there are 40 U.S. state Attorneys General looking into whether Google violated laws when it captured data transmitted from WiFi networks while its vehicles drove through cities and neighborhoods, taking photos for its Google Maps Street View product. The former leader of the AGs, Connecticut’s Richard Blumenthal, is now a Senator in Congress and has already vowed to scrutinize not just Google, but all online industry privacy practices.
This will result in unintended consequences for companies that collect data online. Last year featured numerous Congressional hearings, FTC workshops, and the recently released FTC and Commerce reports on privacy. I can’t even keep track of the number of privacy-related conference calls and events I attended.
But Google has a dismissive attitude toward investigations of its data collection. They seem to be saying “trust us, it’s not that bad”, but then government authorities discover a lot more data than Google confessed to collection. As this is Google—the industry leader in so many areas—this sets a bad precedent for future investigations and for other American companies with data centers overseas. Google should know better.
Even if if it turns out that Google technically did not break any U.S. law, this privacy problem won’t go away. All of the negative publicity is enough to spill over to the good guys. And in today’s privacy climate, a black eye could turn blind if retribution against Google means regulation of the entire online industry.