Saturday 28 January 2012

On International Data Privacy Day

Europe to Google

Really, Google? You're getting rid of over 60 different privacy policies and replacing them with one that's a lot shorter and easier to read? Gee, thanks for doing that! I do have trouble with anything requiring an adult's attention span. What's that, your new policy covers multiple products and features, reflecting your desire to create one beautifully simple and intuitive experience? Terrific! You believe this stuff matters? Well that's great, just great.

First of all: why oh why, in the name of all that's hairy (and private); why did you ever send this notification to my Sky Mail account? I know you provide their service; but you know, that only makes them, not me, your customer. My contract is with Sky. They carry a privacy policy, to which I've agreed. Your opinions were neither sought nor welcome, and your policy (or policies) has (or have) no dominion over me there.

Secondly: do you never learn? You killed the much over-hyped Google Buzz in 2010 by deliberately implementing and obscuring such default privacy settings as would shame Facebook. You just killed off any last chance of social network success, by enforcing your account naming policy in Google+ (latest feeble "concessions" notwithstanding). Now you impose, without an opt-out, this unification of accounts across all Google services. What makes you think that I will continue to want to entrust any of my business correspondence, private letters, other documents and messages, contact lists, calendars, photographs, videos, even this blog, to such a capricious company? To you, who might delete everything I own at any time, on a whim and without appeal, simply because you suddenly decide you don't like my name?

Thirdly and finally: shut up, sit down, and pay attention. European citizens will not have privacy policies dictated to them by their service providers. Europe shall determine the privacy policy to be applied to, and by, its service providers. That, or else providers will no longer be providers to Europeans.

Sufficient Unto The Day

And the same applies across the pond. Facebook Live, in conjunction with the National Cyber Security Counsel, streamed last Thursday's NCSA event anticipating International Data Privacy Day (which is today). This included the keynote opening speech by Federal Trade Commissioner Julie Brill, but if Zuckerberg and co thought their coverage would smooth the ride, then it's safe to say she surprised them. The full text of her remarks can be read here:

http://www.ftc.gov/speeches/brill/120126datarivacyday.pdf

But here are a few samples.
Our enforcement actions in the privacy area are also a call to industry to put important privacy principles into practice. Facebook and Google learned this the hard way.

The Commission’s complaint against Facebook alleges a number of deceptive and unfair practices [...] These include the 2009 changes made by Facebook so that information users had designated private became public.

We also addressed Facebook’s inaccurate and misleading disclosures relating to how much information about users apps operating on the site can access [...] that the company misrepresented its compliance with the U.S.-EU Safe Harbor. And we called Facebook out for promises it made but did not keep: It told users it wouldn’t share information with advertisers, and then it did; and it agreed to take down photos and videos of users who had deleted their accounts, and then it did not.
Google received similar coverage of the FTC's complaint against them in the Buzz era. Both companies settled their respective complaints, and have been left embarrassingly subject to a decades-long regime of shame, rehabilitation, audit and assessment. Yet both seem determined to keep testing and risking their parole.

Facebook and Google: sufficiently evil, unto the day.

No comments:

Post a Comment