They may be battling each other tooth-and-nail to win over
online advertisers. But Google and Facebook are on the same side when it comes
to opposing new data-handling privacy laws fast-gelling in Europe and the U.S.
On Wednesday, the European Union formally proposed strict
rules that could restrict much of the systematic tracking and profiling Google
and Facebook routinely do of Internet users, as part of delivering targeted ads
to them.
If Europe's new rules are implemented as expected in 2013,
the tech rivals could face hefty fines, up to 2% of annual revenue, for any
violations. In Google's case that translates into a maximum penalty of $800
million.
On Tuesday, Facebook Chief Operating Officer Sheryl Sandberg
delivered a statistics-filled speech at a tech conference in Munich outlining
how Europe's proposed rules are very likely to stymie the global economy.
Sandberg called for a "regulatory environment that
promotes innovation and economic growth."
Google spokesman Chris Gaither echoed Sandberg's argument.
He says the search giant "supports simplifying privacy rules in Europe to
both protect consumers online and stimulate economic growth."
Meanwhile, refinements announced this week by Google and
Facebook, about how each tracks and profiles Internet users, added heat to the
domestic debate over the need for new data privacy rules here in the U.S.
Google signaled that it will begin cross-referencing user
data compiled from its most popular services, including search, Google Apps,
Gmail and YouTube. The stickler: Users won't be permitted to "opt
out" of having their Google activities correlated.
"Google is taking that option away," says P.J.
McNealy, analyst at Digital World Research. Younger Internet users may not care
much, he says. But Google patrons who are "more cautious or conservative
with their personal data" may "cringe," McNealy says.
Meanwhile, the non-profit group SafeGov, which monitors
security issues for federal, state and local government agencies, is alarmed
that Google's new policy could put workers who use Google Applications for
Government, a paid service, at heightened risk.
"Google should not be data-mining information in
e-mails, text messages, searches and documents that workers are putting into
Google services," says Jeff Gould, SafeGov security analyst. "It's a
matter of not making government workers unnecessarily exposed to hackers and to
inadvertent disclosures of information."
Google Vice President Amit Singh says Google's new privacy
policy for consumer data is superceded by data privacy provisions in contracts
with government agencies and other organization who use the paid version of
Google Apps.
"As always, Google will maintain our enterprise
customers' data in compliance with the confidentiality and security obligations
provided to their domain," says Singh.
But Gould checked the city of Los Angeles' contract with
Google and found that the data-privacy provision referred back to Google's
policy for consumers. "They didn't think through the consequences for
government users," Gould says.
Meanwhile, Google is busy fielding inquiries from a handful
of politicians who've proposed legislation that would restrict online tracking
and establish rules for data privacy.
"Amazingly, we still don't have a law that sets the
rules of the road for fair information practices that everyone collecting,
using, and distributing people's personal information must adhere to,"
says John Kerry, D- Mass.
Kerry and Sen John McCain, R-Ariz., continue to work for
passage of the Commercial Privacy Bill of Rights. "Until Congress acts,
Google and the rest of its competitors will continue to set that standard
themselves. "
Rep. Ed Markey, D-Mass., notes that "Googling is like
breathing for millions of kids and teens - they can't live without it."
Markey, who has also been critical of Facebook's tracking practices, is calling
on the Federal Trade Commison to review Google's new no-opt-out policy.
"Consumers - not corporations - should have control
over their own personal information, especially for children and teens,"
says Markey.
Facebook is drawing more scrutiny too. It is making
mandatory a new, glitzier user interface, called Timeline, that chronologically
displays a member's preferences, contacts and online activities.
Facebook says Timeline does not present any new information
nor alter any privacy settings.
Even so, SafeGov analyst Gould, for one, is concerned.
"If you take the new Google policy and combine it with Facebook Timeline,
the danger of hacking attacks for government users is multiplied by ten,"
he says.
More intensive tracking and profiling by the tech rivals
puts richer data in cyberscammers' hands.
Gould worries about the all-too-common scenario where an
intruder e-mails a government worker pretending to be an acquaintance.
"They can put information in an e-mail which they can get from your
Facebook Timeline, and trick you into downloading a piece of spyware," he
says.
Heightened cross-referencing of an individual worker's Google Search Company, Gmail and
YouTube activities poses similar risks, he says.
