Euro chiefs: Hi Google. Here's how to REALLY protect everyone's privacy. Hello? Hello? Google cannot expect its users to read the web giant's rewritten Terms of Service to know how their privacy is being handled. That's according to Europe’s data protection chiefs in a letter to Google supremo Larry Page on Tuesday. The Article 29 Working Party, which penned the missive, is made up of national data protection …
Plain English.
What data, why, when, where, and passed on to who, when, why, what for?
I use numerous Google services, including a Moto G Android phone and their (very good) email service, but only via IMAP clients, and never see an ad on either. Their spam trap catches pretty much everything, and false flags are very rare.
Do no evil?
Almost certainly not.
Provide excellent hardware, software, and online products?
Most definitely.
Except WHERE'S THE FUCKING LINUX G-DRIVE CLIENT FFS!
Grrrrr........
On one hand, the precise description of everything Google does with the data in all possible configurations would probably dwarf the Encyclopedia Britannica.
On the other hand, Google does not want to have to publish new T&Cs every time the data is used in a different way. I imagine there are several more every month.
Finally, Google might want to keep secret some uses of the data, to avoid competitors imitating them.
It has been ever thus. I still remember Lily Tomlin in her recurring role of the AT&T operator on the Laugh-In show. "We're the phone company, we don't have to care." The EU might want to remember that one side can just walk away. Google, I'm sure, likes the money on the table, for now. I'm sure Microsoft would be heartbroken right up to the point that the regulators have them under their undivided attention. Interesting game.
I suppose this is why no country has gone the extra step to require express, explicit, and direct consent (IOW, full opt-in) in order to obtain any PID or share it anywhere outside the direct context of the site. Also why no country expressly bans requesting such PID as a requirement for the use of a site barring direct commerce (exchanging actual money for goods/services).
The service providers can simply go, "Sod this" and take their ball and go home, blocking all access to that part of the world.
“Google recently added ‘and our partners’ to the set of entities that may collect anonymous identifiers. However, Google did not inform about what type of entities these partners are and how they will use the collected data,”
This is the bit that really gets me, unbearable smugness of 'partners' aside. I've pretty much made my peace with Google doing whatever with my data; I use gmail via pop and their search, use just about every privacy addon going, and most importantly ABP, so their chances of utilising that data to pimp me web ads I might click on is close to zero. I don't even mind especially if they offer services to others that leverage the data they have, provided the data itself remains in one named place, i.e. google.
Opening the doors to third parties, for a fee, to access that same data in the raw however is a class apart, and one I really, really take offence to, especially when what they doing with it and who they are is not explicitly stated. If companies like google want to stick to wording like 'partners' without adding detail, they should be obliged to provide ironclad opt outs from that data being passed on, because I am given (as intended) no way to make a meaningful assessment of whether I would be happy with the arrangement. In principle, my attitude to providing data to those I have no dealings with is invariably no, period. Its not just google. The recent issue of NHS data sharing would hava been largely unproblematic for me if they'd just left it at "share with your GP, hospital etc". The minute they introduced the idea of profit making third parties benefitting, it was a categorical 'no' for me, because I just don't believe for a second that the benefits to the NHS through research by private enterprise would ever be proportional to the value to profit making pharmaceutical businesses already seen as rapaciously greedy, and known to have dubious ethics.
The use of data just isn't going to go down and its imperative NOW to nail down the principle of who gets access to what, and in what circumstances if any the default should be 'access allowed'.
The principles of data protection in europe are good at the most absolutely basic level - your data is yours to give or withdraw. Its just that everything below that, or that springs from it, fails miserably; regulation, enforcement, transparency are all lametable and there seems no will to fix them. But worse by far is the lack of undertstanding by politicians and bureacrats, both for now and the future, of the implications of what that basic statement "your data is yours" even means. It currently seems they proudly proclaim their belief in data protection, then smile benevolently as businesses mine, exploit and abuse our privacy as if they were reenacting the 1849 gold rush, without any clear idea of what if any rights or redress we have in practice.
The one thing I see to be optimistic about for the near future is the considerable number of extremely smart people attempting to devise technical solutions to allow us to better protect and distribute our own data in a manner of our choosing, and with our informed consent if sharing it. You simply can't dismiss the importance of policy entirely, but its one of those things fortunately where the application of vast sums of money does not always guarantee you what you want, and low cost, easy to use technologies would at least leave less for the policymakers to misunderstand and fuck up, and perhaps force companies to rethink their approach to how they obtain, use/misuse and sell users data.
>The minute they introduced the idea of profit making third parties benefitting, it was a categorical 'no' for me, because I just don't believe for a second that the benefits to the NHS through research by private enterprise would ever be proportional to the value to profit making
Who do you think makes the actual drugs that the nhs use and who's research might benefit from access to data?
That's right profit making companies.
How do you think profit making companies pay for the research?
That's right out if their profits
And who will develop new drugs if profit making companies don't
That's right no-one.
So you'd sooner do without new drugs than allow anyone to make money from making them
Thanks for the lesson. I think their methods of plumping up their profits frequently amount to gouging, they have a habit of cherry picking conditions likely to yield higher profits at the expense of ones that might cause wider suffering or have more debilitating effects, they target government health rpoivision as nice fat cash cow....etc, etc.
So, no, I have a pretty low opinion of them, and feel disinclined for my data to be pimped by the NHS in a way that fails to properly realise its value, not least as 'what' it would used for is not mentioned at all, let alone made in any way clear, so in absence of any semblance informed consent I feel utterly disinclined to participate. If those deciding how it works choose to rethink the blanket and very blind nature of consent, I'll reconsider.
There was a bit of a fuss about this a while ago, perhaps you recall.
I have a family concern with research limitations. I know that at least one member of my family can ab-react to certain pharmaceutical products, rendering them unable to walk in an extreme though recent case. I am also aware that some drugs react in different ways with different ethnic and as said above, genetic or condition groups. I am therefore keen that such data is available to researchers for enhanced drug research and for explicit prescribing guidelines.
I am not in favour of selling the data to anyone who might want to spend an afternoon fishing for an idea.
Likewise with 'commercial data'. Frankly I do not care that anyone knows anonymous data saying, e,g. that 80% of people who looked for (a) went on to buy (b). is available. I would be far more concerned that the fact that I did or did not buy x or y was being sold to anyone. However, I am not sure that Google or any other search engine would know what I bought. If I search for instructions on how to service x, it does not mean that I own x, I might research it to help someone else or to look for possible issues with x before deciding to buy x.
The fact that other so called search engines are so good at finding what I need, (they cannot!) raises severe doubts that they would ever find any useful data to sell to anyone is another matter.
As for the 'right to have crimes forgotten' that has now been established by the EU, I am aghast at this travesty. Where were my human rights when I lost the right to find out if the doctor was a sex pest, incompetent surgeon or whatever? Or that the financial adviser was a bankrupt who stole from previous clients, etc.?
A review of some of the cases de-listed from Google but still held by numerous legal and news reporting sites makes very worrying reading. Some appear to go right to the heart of serious organisations.
I realise that for those who use other services such as e-mail and storage facilities additional questions arise and that there are other issues for them to answer or not use the 'service'. But the last thing I want is to read through a 10, 20 or 30 page disclaimer list every time that I need to find, e.g. the opening times of the x-ray or blood test unit at a hospital.
I couldn't care less about the data sharing except for ways to contact me such email addresses. it pisses me off that companies are allowed to share those without explicit permission. I prefer Googles ads to the crap that gets pumped out from places like facebook, Yahoo etc.
As for NHS data they should shovel that to companies by the boatload if it assist in research to improve drugs and treatments. If the Government cant afford the research then someone has to do it.
There's part of me wondering why we are still bothering to try and regulate this behaviour by companies. All privacy statements allow for "sharing information with select third parties" which I take to mean "anyone we can sell the data too". That means any information you give to one company will probably spread fairly widely and there's nothing you can realistically do about it once it leaves the initial company.
Sure we can write some draconian laws but they will be as ineffective as the existing laws are and it'll cost even more money to drag companies through the courts to reach conclusions that are 10 years out of date.
I think we have to accept that certain types of privacy are largely dead and there's really nothing we can do about it.
The point is that we don't really bother trying to regulate meaningfully at the moment with regards to data; governments make grand sounding rules but prevaricate about implementing them lest they 'break' something, or stifle innovation, then in the end do very little of anything useful. The reality is that those making and implementing the decisions just don't seem to understand what the limitations should be or what is needed, and take far, far too much of their advice from those who would benefit from the status quo. As with so many other things related to IT, we need a parliament and civil service that better reflects the landscape, with more representation from those with a solid IT background, rather than the acres of lawyers currently populating the benches. The people to do it exist; however persuading them to sign up in the current political environment is another matter unfortunately.
Its far too early to throw in the towel, not least because the world you envision is so unappetising; nothing currently is actually so broken it can't be repaired or rebuilt with regard to privacy even if it takes a few years to work out the mechanics.
Imagine the great fun to be had selling, if not personalized data, then anonymized information to be had from documents, images, drawings and spreadsheets when suites of software exist on far-away servers and users devices are only terminals. How shall the EU react when every document is sent abroad as it is created?
Bad enough that big data about ME is collected by evil people like Brin who believes in the religion of global warming now. Worse that it is shared with others who may be inclined to blackmail. The B.S. that it is so convenient that ads I want are targeted to me is bad enough. What else can be targeted to ME and Thee.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
