Britain to Google: Fix privacy policy or face legal action

Thanks to Snowden, lax London now fears American Internet giant doing evil after all

by Hayley Tsukayama

The Washington Post

Google is facing increased pressure over its privacy policies, as British regulators ordered the tech giant Friday to give users more insight into how the information it collects on them is used.

European regulators have become more critical of Google’s business practices in the past year, including French and Spanish authorities who say Google’s policies do not comply with their data protection rules.

Privacy advocates say that questions about how U.S. firms protect European data will only become more pointed in the wake of revelations about a National Security Agency surveillance program, PRISM, that targets foreign data on the servers of U.S. companies.

The surveillance program “combined with the ongoing investigation of Google’s business practices, has created almost a tsunami of privacy enforcement,” said Marc Rotenberg, executive director of the advocacy group Electronic Privacy Information Center.

Britain’s Information Commissioner’s Office, which has been less aggressive than other European regulators, has taken multiple steps against Google since the disclosure of PRISM, including demanding last month that the firm delete any remaining data inadvertently collected for its Google Street View mapping service.

On Friday, it followed that order with a second, broader, mandate that Google amend its privacy policy by Sept. 20. The “updated privacy policy raises serious questions about its compliance with the U.K. Data Protection Act,” regulators said in a statement.

The information agency said that it was particularly concerned that Google’s policy, which went into effect in March and covers more than 60 Google services, does not give users enough information about the data the firm collects and how it is used. It is also concerned that the policy does not disclose enough information about how long Google keeps user data.

If Google does not amend its policy, the ICO said it will “leave the company open to the possibility of formal enforcement action.”

The ICO was joined Friday by a data protection office in Hamburg, Germany — where Google’s German office is based — which said in a statement that it will hold a hearing on concerns that Google’s policy on data collection is unclear.

In a statement, Google said that its policies comply with European law and “allows us to create simpler, more effective services. We have engaged fully with the authorities involved throughout this process, and we’ll continue to do so going forward.”

European regulators have cast a critical eye on Google’s privacy protections since January 2012, long before reports surfaced that Google, its YouTube video service and seven other tech firms were participants in government surveillance programs.

Last month, after a year-long investigation led by French data protection authority CNIL, French and Spanish regulators said Google could face fines if it did not amend its privacy policies within three months. The agency also indicated data protection officials in the Netherlands and Italy were assessing whether Google violates data protection rules in those countries.

Officials from the European Commission have warned that the fallout from the PRISM program could discourage European businesses from using American data storage providers such as Google, Microsoft and Dropbox.

On Wednesday, members of a key European Parliament committee voted to launch an inquiry into U.S. data surveillance programs and said they were open to suspending data-sharing deals with the U.S. Data privacy is also expected to be a part of U.S.-EU trade negotiations that are scheduled to begin Monday.

Clapper ‘wittingly’ backtracks

WASHINGTON AFP-
JIJI

U.S. National Intelligence Director James Clapper has apologized, in a letter, for telling lawmakers that the National Security Agency does not collect data from Americans’ phone and Internet records.

Clapper had been asked by Sen. Ron Wyden at a March 12 hearing if the NSA had gathered “any type of data at all on millions or hundreds of millions of Americans,” and the spy chief replied: “Not wittingly.”

Leaks from a former contractor for the NSA, Edward Snowden, in recent weeks have since uncovered a far-reaching “data-mining” program that scoops up telephone records and some Internet communications of Americans.

The revelations forced the spy chief to correct what he called his “erroneous” testimony before the Senate panel, according to a letter that was posted online by the Office of the Director of National Intelligence.

In a letter to the chair of the Senate Intelligence Committee, Sen. Dianne Feinstein, Clapper said he wanted to “set the record straight” given the “heated controversy” prompted by his remarks.

Clapper wrote that his answer had mistakenly focused on different intelligence gathering activities that allow for spying on the content of communications only under specific guidelines and a judge’s approval.

He said “my response was clearly erroneous — for which I apologize.”

Clapper’s staff immediately acknowledged the error to Sen. Wyden’s aides after the hearing but did not issue a public apology as the data collection program had remained classified until recently, the spy chief said.

“I can now openly correct it because the existence of the metadata collection program has been declassified,” he said in the letter, which was dated June 21.

At the time of the hearing, Wyden’s aides had expressed “serious concern” to Clapper’s office over its refusal to publicly correct his “inaccurate” statement, the senator’s spokesman Tom Caiazza said.

“Sen. Wyden is deeply troubled by a number of misleading statements senior officials have made about domestic surveillance in the past several years,” he said.

Leaks from the former NSA contractor Snowden confirmed the U.S. government was continuing to collect phone records of Americans, a program first revealed in 2006. Snowden also disclosed a program code-named PRISM that allows the government to collect email, photos and other Internet traffic to track “foreign targets.”