Google announced that it is: "committed to protecting your [the consumer's] privacy and to supporting an internet environment that also respects individual privacy". The search engine has joined with 11 other high profile US companies, called themselves the Consumer Privacy Legislative Forum, and posted a Statement of Support in Principle for Comprehensive Consumer Privacy Legislation with the aim of a US federal law being passed to help protecting us from "spyware, malware, phishing, identity-theft, and other privacy threats".
In the US it's the Federal Trade Commission (FTC) who would be responsible for creating such privacy protections for American consumers. Over here in the UK this falls under the remit of The Information Commissioner's Office. The ICO is an independent public body set up to promote access to official information and to protect personal information. They regulate and enforce the Data Protection Act, the Freedom of Information Act, the Privacy and Electronic Communications Regulations and the Environmental Information Regulations. Reporting directly to Parliament, the Commissioner's powers include the ability to order compliance; using enforcement and decision notices; and prosecution. They provide guidance to both organisations and individuals, rule on eligible complaints and can take action when the law is broken.
So that's all OK then? UK consumers are covered already? Errrr, perhaps not. Let's take a look at the details...
When it comes to online matters it's primarily the Privacy and Electronic Communications (EC Directive) Regulations 2003, which came into force on 11 December 2003, which are supposed to protect the consumer. These supersede the Telecommunications (Data Protection and Privacy) Regulations 1999. They cover Telecommunication network and service providers:
- processing of electronic communications traffic data.
- location data and billing data.
- calling or connected line identification.
- directories of subscribers.
- the security of telecommunications services and the use of cookie type devices.
Unfortunately, as identified in the report Privacy Self Regulation: A Decade of Disappointment by C.J. Hoofnagle, current threats to our privacy include not only the above specified cookie type devices but "entirely new technologies have emerged as well, some of which are all but unknown to consumers. Few of these methods are regulated, either internally by industry or externally by government. Without privacy legislation to protect internet users from improper use of the information collected on the web, companies are unlikely to voluntarily cease privacy-invasive practices".
Ironically, in light of Tuesday's announcement, C.J. Hoofnagle cites Google's Gmail Content Extraction as: "a significant development in internet tracking technology because it is one of the first with the capacity and the structure to monitor and record not just transactional data and personal information, but the content of private communications."
