I've been writing quite a lot about the current Data Protection regulation that is being considered in the European Parliament. As I've noted, this has led to an unprecedented level of lobbying from US companies, who are keen not to have to follow strict EU rules when it comes to our privacy. So far, I've not singled out any particular company in this context, but having read somewhat belatedly this post by the privacy expert Simon Davies, I feel a need to talk about one that is clearly right at the heart of this battle: Google.
Davies points to (and offers interesting comments upon) another fascinating post, this time from Peter Fleischer, who is Google's Global Privacy Counsel. As the latter states at the head of his blog:
I need to point out that these ruminations are mine, not Google's. Please don't attribute them to Google.
That seems clear enough, but let's just consider what it means for a moment.
Fleischer is Google's "Global Privacy Counsel", which implies that he counsels and advises Google on issues that involve privacy. Since he is the global privacy counsellor, we can reasonably assume that his is the most important voice in Google's discussions on this topic, and that when he says something, they listen.
His "ruminations" may indeed be his personal thoughts, and not official Google policy, but for that very reason represent his real opinions of issues, not just the public gloss that is put upon them. Given his pivotal role at Google when it comes to privacy, it is likely that the Google management team largely share those views – otherwise they would presumably have fired Fleischer and found someone else they felt more comfortable with. Thus his frank comments probably provide us with tantalising glimpses of what Google really thinks about privacy.
Here's a key section of his post:
Like many people in the privacy profession, throughout my career, I had always thought it was sensible to apply Europe's privacy laws worldwide, in the interests of maintaining one, consistent worldwide standard. I'm changing my mind now. As the proposals to revise the privacy laws in Europe become whackier by the day, I am starting to believe that the "world" will have to watch Europe do its own thing in its own backyard, while maintaining a different, faster, more innovative pace in the "rest of world". Granted, Europe is a market that is just too big to ignore, but that's no reason why special compliance rules for it should be exported globally. No one applies Chinese censorship rules outside of China, so this would hardly be the first time that companies apply special rules in one particular country/region.
Notice how an opposition is set up here: between an "innovative pace", and the EU's "whacky" privacy laws that place the individual in control of their personal data, rather than the company that gathers and processes that data.
It's kind of him to concede that backward-looking Europe is "just too big to ignore", so Google won't be abandoning us just yet, it seems, but it's the next phrase that is really telling: "that's no reason why special compliance rules for it should be exported globally." Because, of course, there is equally no special reason why the compliance rules applied in the US – lax ones – should be exported globally. Because there is no special reason why companies should have the right to use our private data pretty much as they please, despite what Google and its ilk would have us believe. It's just that it's convenient – and highly profitable – for them to do so, which is why they are fighting tooth and nail against the latest EU proposals.
Fleischer goes on:
Europe's proposed rules will end up costing a lot, if you care about innovation in Europe. I'm a technophile, in the sense of believing that fast innovation is the only hope to maintain high rich-world living standards for our aging Western societies in the future. But I am troubled by how many roadblocks are being put in place to drag down the speed of innovation.
There it is again: the opposition between innovation and privacy – the idea that you can't have the former without the latter. But the next sentence gives the game away: "fast innovation is the only hope to maintain high rich-world living standards". You see, this isn't about innovation as such, but only a certain kind of innovation capable of maintaining "high rich-world living standards."
What this overlooks, of course, is that some people – a few hundred million Europeans, actually – seem to value privacy more than the possibility of owning a couple more pointless shiny objects. Indeed, they value their relationships so much that they would rather Google, Facebook and friends didn't simply regard them as some kind of industrial sludge that must be data-mined to produced the shining ore of potential consumption that can be sold to eager advertisers. What they would like is innovation in privacy, not instead of it.
The cynical realists will see that Europe's innovation-inhibiting privacy laws will simply drive more Big Data and Internet innovation to move increasingly outside of Europe. Will we see companies choose to move their research arms elsewhere, for example, to the US or India or Singapore? Ask yourself whether US or European companies will turn out to be more hobbled by Europe's rules? The answer is obvious: European companies will have to swallow these new rules entirely, while non-European companies can simply ring-fence their slower, less innovative operations in Europe. Companies may end up offering a series of slower, less-cutting-edge services in Europe, given the significant risks that cutting-edge data-services could be smacked with massive fines.
"Ask yourself whether US or European companies will turn out to be more hobbled by Europe's rules?" What, hobbled by rules that encourage greater respect for their users, allowing deeper and potentially more profitable relationships to be forged than simply strip-mining the most intimate details of their private lives? Let's turn that around: "Ask yourself whether US or European companies will turn out to be more hobbled by the US's rules?" - ones that drive companies to employ the digital equivalent of slash and burn agriculture, destroying privacy as they go, and leaving the indigenous populations (that's you and me) with nothing but a few Groupon offers in return.
That's not a long-term strategy. As the rise of open source, open access, open data and all the rest of the opens attest, we are entering an age of user empowerment, where companies offering online services must actually serve us, rather than simply sell us. And far from being left behind by these privacy-preserving rules, maybe it will be the European companies that go on to develop exciting new services that respect their users, rather than exploiting them – ones based on sharing and equality. You know, a bit like the World Wide Web: not, as some probably believe, invented by Google, and not even devised by a mighty technology company in the US, but by a lone Briton working in Geneva, for a European research organisation, who then gave it all away. How quaint – a bit like our data protection rules.
Find your next job with computerworld UK jobs