Google's privacy policy is ‘vague’
- Added:
- May 27, 2007
Speaking to BBC News, Peter Fleischer, global privacy counsel for Google, said the company "could do better" with policy statements that explained why user information was sometimes shared with third parties.
Fleischer said Google’s privacy policy was written to be as "clear and simple as possible".
However, he admitted two elements of the policy statement needed attention.
Those elements stated:
· When we use third parties to assist us in processing your personal information, we require that they comply with our Privacy Policy and any other appropriate confidentiality and security measures.
· We may also share information with third parties in limited circumstances, including when complying with legal process, preventing fraud or imminent harm, and ensuring the security of our network and services.
Fleischer told the BBC: "There is a constant process of trying to be clear with language and improve notices," "We ought to be able to do better than that now that you have drawn my attention to that particular clause," he said, referring to the first clause.
Speaking about the second element, Fleischer said: "It is kind of vague. I wish we could do better on that one."
Fleischer said Google shared data with third parties when it outsourced a part of its operation.
"The clause essentially says that if we hire outsourcing functions to provide something like virus scanning or security models, we at Google would still be responsible for the privacy practices for our end users."
He said the clause also covered the movement of data between Google Inc, the US-registered company, and its affiliates, such as Google in the UK.
"There are some very limited circumstances in which we would share user data with third parties. One of them would be if we were under a legal order from the police to do so.
He added: "Very rarely there will be a case where the police say someone is in actual danger and needs our help.
"We have had a case when someone was kidnapped and Gmail was being used for a hostage ransom demand. These are incredibly rare situations. We are not going to hide behind procedures."
Fleischer said the company would also share user data with third-party security experts if Google was the subject of a massive hacker attack.
"This is purely hypothetical but we might need to share user data with security experts to find out who is hacking, and where is this coming from."
However, Fleischer said Google would never give "identifiable personal data" to third parties, including advertisers.
His comments follow Google’s proposed purchase of online advertising firm Doubleclick. The ad company helps link up advertising agencies, marketers and web site publishers hoping to put adverts online.
A working party of European Information Commissioners has written to Google to ask the firm to explain why it holds on to users' web history data for up to two years.
Campaigners argue that the two firms will have an unprecedented amount of information on users' web-surfing habits.
Google has said it would respond by the end of June.
Fleischer added: "Our goal is to be as transparent as possible with our users when it comes to privacy. That transparency builds trust and we will succeed or fail on whether our users trust us."
Source: BBC News