Google is taking steps to appease privacy authorities from around the world as a wealth of private Wi-Fi data inadvertently collected by Street View cars threatens to damage its brand reputation.
Canadian Privacy Commissioner Jennifer Stoddart issued a set of recommendations to Google Oct. 20 and made it clear the company had errantly broken Canada’s privacy laws. Similar investigations were conducted in Europe and other privacy authorities chimed with in a laundry list of changes that Google should make to avoid similar mistakes in the future. Now it appears Google may escape regulatory wrath by making those changes, but the damage to its brand is unclear.
Britain’s Information Commissioner won’t fine Google for breaking its law, it was announced yesterday. Germany and Spain are both still investigating the matter. In Canada, Stoddart’s office doesn’t have the capability to issue fines.
Google announced Oct. 22 it had named long-time privacy engineer Alma Whitten as director of privacy. It also committed to enhanced privacy training for employees with a focus on collection and handling of data, and requires all project managers to maintain a privacy design document for each initiative they are working on.
The changes are “not in response necessarily to one particular regulator, but part of a global response to deepen privacy in the organization,” says Jacob Glick, counsel for Google Canada. “We’re committed to meeting the requirements of the privacy director.”
Whitten’s position will report directly to Google’s most senior engineer and most senior products manager, he adds. “There have always been people at Google who work on privacy. Hundreds of us in fact.”
Google’s bungle could still bruise its reputation in the eyes of Canadians who trust the Mountain View, Calif.-based company with their personal information on a daily basis, says Jack Adams, a consultant with London-based Greenlight Search Engine Marketing. But any brand damage hasn’t hurt the company financially yet.
“There is clear damage to Google’s brand perception,” he says. “It has to be remembered this may not be capitalized on now by competitors, but it may in the future.”
Googletakes up a lion’s share of the search market in Canada. Its closest competitor is Microsoft’s Bing, which hasn’t managed to put much of a dent in Google’s dominance. Google’s revenue from its search engine marketing last year was $24 billion.
Google’s privacy woes began earlier this year when it revealed it had accidentally collected Wi-Fi data from unencrypted networks as its Street View cars drove through the world’s streets and alleys, snapping photos. It had originally intended only to pinpoint the location of those networks for its location-based services on smartphones. But it accidentally collected data from Canadians that included account log-in information and complete e-mails.
American companies that publish products for worldwide use are coming to grips with various privacy regimes that are much more stringent, says Ariane Siegel, a partner at Toronto-based Aird & Berlis LLP. Privacy flare-ups such as this one show a cultural divide between the U.S. and other Western countries.
“There’s no umbrella approach to privacy,” she says. “Companies can generally do what they want with personal information, there’s no concept of what personal information is.”
Privacy compliance could be eased by companies complying with the highest standard of privacy legislation, Siegel adds. Another approach is to develop different programs for different jurisdictions, so Canadians could use a dot-ca site for example. But that can be cost-prohibitive.
“We want to make sure that companies are encouraged to invest in Canada and roll out their products in Canada,” she says. “We don’t want to scare off new innovations.”
Google does take privacy seriously, Glick says. A cultural divide is not an issue at the company that is committed to embedding privacy functions into its products.
“You have to think about privacy not just in terms fo compliance, but in terms of percolating up to the end user level,” he says.
The search giant has also committed to conducting more internal audits, he says. The employees conducting the audits will be separate from the product teams.
“It’s in their interest to protect user trust,” Adams says. “They’ve already admitted that’s what their business is based on.”
The Privacy Commissioner’s Office has given Google until Feb. 1 to meet its recommendations.