Google Calls for International Standards on Internet Privacy

By Catherine Rampell
Washington Post Staff Writer
Saturday, September 15, 2007

Google, a frequent target of privacy advocates, yesterday called for new international standards on the collection and use of consumer data.

Peter Fleischer, global privacy counsel for Google, told a U.N. audience in Strasbourg, France, that fragmentary international privacy laws burden companies and don't protect consumers. He argued for an international body such as the United Nations to create standards that individual countries could then adopt and adapt to fit their needs.

"The ultimate goal should be to create minimum standards of privacy protection that meet the expectations and demands of consumers, businesses and governments," Fleischer said, according to a transcript of the speech provided by Google.

Google has been criticized for its privacy policies and its planned $3.1 billion merger with DoubleClick, an online advertising broker that sells banner and video ads. To target their advertising, both Google, which specializes in text ads, and DoubleClick collect information on which sites users visit. Critics argue that the merger would hurt competition in online advertising, and that it would aggregate too much consumer data in the hands of one company.

The European Union is currently investigating Google's privacy practices.

"Google, under investigation for violating global privacy standards, is calling for international privacy standards," said Marc Rotenberg, executive director of the Electronic Privacy Information Center, a critic of the DoubleClick merger. "It's somewhat like someone being caught for speeding saying there should be a public policy to regulate speeding."

Google says it has remained at the forefront of protecting consumer privacy. It was the first company to implement an expiration date for collected data. Google strips identifying information from its search logs after 18 months, the same standard that Microsoft now uses. Yahoo and AOL keep user data for 13 months, and announced in July that it would give users an option to prevent its search engine from recording search terms and IP addresses.

"The key concept is user control," said Alissa Cooper, a policy analyst at the Center for Democracy and Technology, a privacy advocate whose funding comes from foundations, corporations and trade associations. The center is working with a group of U.S. firms, including Google, to create national privacy protection standards for the industry that it plans to submit to Congress.

Comprehensive legislation relating to privacy issues has not yet made it through the full House or Senate. Rep. Bobby Rush (D-Ill.), the chairman of the Commerce subcommittee on consumer protection, submitted a bill in February intended to increase consumer privacy safeguards. In the Senate, Judiciary committee leaders Patrick Leahy (D-Vt.) and Arlen Specter (R-Pa.) have also introduced a comprehensive privacy bill.

In his speech, Fleischer criticized the U.S. privacy law model as being "too complex and too much of a patchwork," because different laws apply to different industries and vary by state. He called the European Union model "too bureaucratic and inflexible."

Fleischer instead advocated something closer to the privacy framework developed by the Asia-Pacific Economic Cooperation forum, which Fleischer said "balances very carefully information privacy with business needs and commercial interests."

But critics say that the APEC standards are too lenient.

"The APEC guidelines are far below what Google would be expected to do in Europe or the United States," Rotenberg said. They "don't address the critical problem of limiting data collection, which is the key point in the dispute over Google's business practices."

Rotenberg said that the APEC rules put the burden on consumers, who must demonstrate that a company's privacy policy has harmed them.

Guidelines developed in 1980 by the Organization for Economic Cooperation and Development, an international body of developed countries, generally focus on the violation of privacy as a right rather than a demonstration of harm caused by the violation. These standards, which influenced the European Union's privacy laws, are usually preferred by privacy advocates.

© 2007 The Washington Post Company