Privacy-related legal concerns for Google

1. Italian Courts convicts Google for privacy violations in video uploads

An Italian court on 24 February found three Google executives guilty of privacy violations for allowing a video depicting bullying to be posted on its website. The court in Milan found that the three men, David Carl Drummond, George De Los Reyes, and Peter Fleitcher, violated the privacy rights of a young man with Down’s Syndrome when they allowed a video showing his classmates bullying him to remain on the Google Italy website from September to November 2006. All three men were given a suspended sentence, though prosecutors had asked for a one-year imprisonment.

The legal basis for the charges, following the prosecutor’s theory of the case, was that those executives failed to exercise a pre-emptive control over the contents published by Google final users. The consequence is that under this interpretation of data protection law, every Internet Service Provider is requested to infringe its user privacy, to do a prior check on the legitimacy of the action performed by the users themselves. This interpretation of the law means that Google is co-responsible for the legality of content containing the images of persons, before anyone has complained about the content.

It is noteworthy that European law protects internet providers from responsibility if they remove illicit content as soon as they are informed of its existence – which is what Google did.  According to EDRI:

The consequence is that under this (odd) interpretation of data protection law, every Internet Service Provider is requested to infringe its user privacy, to do a prior check on the legitimacy of the action performed by the users themselves.

A nice Catch 22, and a goodbye to network neutrality and online privacy !

Google’s Deputy General Counsel reacted to the news quickly, with a strongly-worded statement [Google Blog post] calling the decision an attack on “the very principles of freedom on which the Internet is built,” and promising to appeal the ruling.

More info here.

2. Google’s relationship with the NSA

Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its computer networks, according to cybersecurity experts familiar with the matter. The objective is to better defend Google — and its users — from future attack.

The partnership strikes at the core of one of the most sensitive issues for the government and private industry in the evolving world of cybersecurity: how to balance privacy and national security interests. Director of National Intelligence Dennis C. Blair called the Google attacks, which the company acknowledged in January, a “wake-up call.” Cyberspace cannot be protected, he said, without a “collaborative effort that incorporates both the U.S. private sector and our international partners.”

The agreement will not permit the agency to have access to information belonging to Google users, but it still re-opens long-standing questions about the role of the agency.

The American Civil Liberties Union, among other civil liberties groups, is asking its members to contact Google executives and ask them not to work with the U.S. National Security Agency to investigate cyberattacks allegedly coming from China. Similarly, privacy advocacy group Electronic Privacy Information Center has filed a Freedom of Information Act (FOIA) request with the NSA asking for derails on the agency’s purported partnership with Google on cybersecurity issues.

3. Google’s relationship with China

In mid-December, Google detected a highly sophisticated and targeted attack on its corporate infrastructure originating from China that resulted in the theft of intellectual property. Google claims to have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. The accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties.

The attack also targeted at least other 33 companies, from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors.

American intelligence and law enforcement officials have been alerted in order to assemble powerful evidence that the masterminds of the attacks were on the Chinese mainland.

But while much of the evidence, including the sophistication of the attacks, strongly suggested an operation run by Chinese government agencies, or at least approved by them, company engineers could not definitively prove their case. Today that uncertainty, along with concerns about confronting the Chinese without strong evidence, has frozen the Obama administration’s response to the intrusion, one of the biggest cyberattacks of its kind, and to some extent the response of other targets, including some of the most prominent American companies.

As a result of the attack, Google posted a surprising message on its official company blog that raised the possibility the search engine may leave the Chinese market rather than continue operations under oppressive Chinese censorship laws.

Unlike other companies like Yahoo! and MSN, Google was upfront to its Chinese users that the results were censored and did not move any of the infrastructure connected to email or personal information into the country, thereby shielding the data from Chinese laws. This compromise between profits and free speech protected the company from some of the fury human rights groups had for other American companies that kowtowed to Chinese business interests, but such protection was also limited to the conditions that Google had already laid down. The hack of the email accounts of human rights activists, information that Google went at lengths to protect from Chinese laws and officials, appears to be the final straw for Google.

4. Google Buzz privacy concerns

The new networking service issued by Google company called Google Buzz has met criticism and confusion from its users who complained that a list of people they frequently email or chat with has appeared on their profile.

Google moved quickly over the weekend to try to contain mounting criticism of Buzz, its social network, apologizing to users for features that were widely seen as endangering privacy and announcing product changes to address those concerns.

But Marc Rotenberg, executive director of the Electronic Privacy Information Center, said his organization still intended to file a complaint with the Federal Trade Commission this week pending its review of Google’s changes.

“Even with these changes, there is still the concern that Gmail users are being driven into a social networking service that they didn’t sign up for,” Mr. Rotenberg said.


5 Responses

  1. The Italian court decision to hold three Google executives criminally liable for privacy violations raises important questions for human rights and for the technology industry. Privacy and freedom of expression are fundamental rights. How to best to align policies that protect both these rights is an issue that warrants broad consideration.

  2. […] statements were contained in the explanation (pdf, italian) of the guilty verdict Magi handed down February 24 in a landmark case against three Google executives for invasion of […]

  3. […] in a Jan. 12 posting on the company’s Web site, which stated that the company was changing its policy toward China in the wake of the theft of unidentified “intellectual property” and the apparent […]


    According to Adam Liptak the ruling, “called attention to the profound European commitment to privacy, one that threatens the American conception of free expression and could restrict the flow of information on the Internet to everyone.”

    In one sense, the ruling was a nice discussion starter about how much responsibility to place on services like Google for offensive content that they passively distribute.

    But in a deeper sense, it called attention to the profound European commitment to privacy, one that threatens the American conception of free expression and could restrict the flow of information on the Internet to everyone.

    “Americans to this day don’t fully appreciate how Europeans regard privacy,” said Jane Kirtley, who teaches media ethics and law at the University of Minnesota. “The reality is that they consider privacy a fundamental human right.”

    Google understands.

    “The framework in Europe is of privacy as a human-dignity right,” said Nicole Wong, a lawyer with the company. “As enforced in the U.S., it’s a consumer-protection right.”

    But Ms. Wong said Google’s policies on invasion of privacy, like its policies on hate speech, pornography and extreme violence, were best applied uniformly around the world. Trying to meet all the differing local standards “will make you tear your hair out and be paralyzed.”

    The three Google executives were sentenced to six months in prison for failing to block a video showing an autistic boy being bullied by other students. The video was on line for two months in 2006, and was promptly removed after Google received a formal complaint. The prison sentences were suspended.

    Still, Judge Oscar Magi’s ruling, in effect, balanced privacy against free speech and ruled in favor of the former. And given the borderless quality of the Internet, that balance has the potential to affect nations that prefer to tilt toward the values protected by the First Amendment.

    “For many purposes, the European Union is today the effective sovereign of global privacy law,” Jack Goldsmith and Tim Wu wrote in their book “Who Controls the Internet?” in 2006.

    This may sound odd in America, where the First Amendment has pride of place in the Bill of Rights. In Europe, privacy comes first.

    Article 8 of the European Convention on Human Rights says, “Everyone has the right to respect for his private and family life, his home and his correspondence.” The First Amendment’s distant cousin comes later, in Article 10.

    Americans like privacy, too, but they think about it in a different way, as an aspect of liberty and a protection against government overreaching, particularly into the home. Continental privacy protections, by contrast, focus on protecting people from having their lives exposed to public view, especially in the mass media.

    The title of a Yale Law Journal article by James Q. Whitman captured the tension: “The Two Western Cultures of Privacy: Dignity Versus Liberty.” And historical experience helps explain the differing priorities.

    “The privacy protections we see reflected in modern European law are a response to the Gestapo and the Stasi,” Professor Cate said, referring to the reviled Nazi and East German secret police — totalitarian regimes that used informers, surveillance and blackmail to maintain their power, creating a web of anxiety and betrayal that permeated those societies. “We haven’t really lived through that in the United States,” he said.

    American experience has been entirely different, said Lee Levine, a Washington lawyer who has taught media law in America and France. “So much of the revolution that created our legal system was a reaction to excesses of government in areas of press and speech,” he said.

    It was not until 1890 that Samuel Warren and Louis D. Brandeis wrote “The Right to Privacy,” their groundbreaking Harvard Law Review article. Influential though it was, it came awfully late in the life of the republic.

    The word privacy does not appear in the Constitution, and, outside the context of government searches, the document has almost nothing to say about the concept. This was perhaps best demonstrated by how hard the Supreme Court had to work in Griswold v. Connecticut, the 1965 ruling that established a right to marital privacy.

    That right, Justice William O. Douglas wrote, was suggested by the First, Third, Fourth, Fifth and Ninth Amendments. The “specific guarantees in the Bill of Rights have penumbras, formed by emanations from those guarantees,” he wrote, in a much-mocked passage.

    European courts, by contrast, have Article 8.

    In 2004, the European Court of Human Rights relied on it to rule that Princess Caroline of Monaco could block German magazines from publishing pictures of her — quite tame pictures — that had been taken in public. “I believe that the courts have to some extent and under American influence made a fetish of the freedom of the press,” Judge Bostjan M. Zupancic of Slovenia wrote in a concurrence. “It is time that the pendulum swung back to a different kind of balance between what is private and secluded and what is public and unshielded.”

    The differing conceptions can have profound consequences. “Europeans are likely to privilege privacy protection over both economic efficiency and speech,” Susan P. Crawford, who teaches Internet law at the University of Michigan, wrote in an e-mail message. “They’re willing to risk huge economic losses and erect trade barriers in order to protect privacy.”

    The Italian prosecution would be unimaginable in America. The Communications Decency Act of 1996 leaves online companies free of liability for transmitting most kinds of unlawful material supplied by others. Prosecutions for truthful speech on matters of public interest are almost certainly barred by the First Amendment.

    Still, said Marc Rotenberg, executive director of the Electronic Privacy Information Center, there may be something to learn from the Italian episode. “This video was enormously controversial, widely seen and very upsetting,” he said. “Sometimes,” he added, “there are egregious acts and there should be some responsibility.”

    But Professor Crawford cautioned against thinking about the problem in categorical terms. Privacy is a broad enough concept, and Europe and America are varied enough, that it is easy to find counterexamples. Britain, for one, is only slowly moving toward the Continental model.

    And what Italian prosecutors labeled a battle over principle may well have had another goal.

    “Italian media is full of naked women and embarrassing revelations about both celebrities and ordinary people,” Professor Crawford wrote. “Any concern for privacy in this case is a pious cover for an (also naked) assertion of power over online companies.”

    In some ways the Italian video represents the easy case. Google was merely a conduit for other people’s information, and that may well be enough to protect it in most of Europe.

    The harder cases arise when Google is more active in gathering and disseminating information, as in its StreetView service, which provides ground-level panoramas gathered by cars with cameras on them. The program has generated legal challenges in Switzerland and Germany.

    “Google is digitizing the world and expecting the world to conform to Google’s norms and conduct,” said Siva Vaidhyanathan, who teaches media studies and law at the University of Virginia. “That’s a terribly naïve view of privacy and responsibility.”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: