CNIL privacy ruling has real public sector implications

Jeff Gould by Jeff Gould, SafeGov.org
Tuesday, October 16, 2012

While European Data Protection Authorities have only addressed the broad consumer market with their finding that the Google privacy policy as currently written doesn't comply with European law, their ruling will also have a significant impact on government and public sector users as well. Specifically, the ruling is likely to put a brake on the deployment of services like Google Apps by government and public sector customers in Europe.

My organization SafeGov does not object to the Google consumer privacy policy (which is in many respects similar to the consumer policies of Facebook, Microsoft, and others). However, it is our strong view that a cloud service provider should not reserve the right to data mine or otherwise exploit the content created by public sector (or enterprise) users who are paying for the service under contract.

Google has been extremely ambiguous and indeed I would argue evasive on this point. They claimed in February that their privacy policy is "superseded" by their individual contracts with government customers. But at SafeGov we found and published examples of Google Apps for Government contracts that not only did not "supersede" the policy, but directly incorporated it. Now that the Europeans are saying that the Google consumer policy (and presumably the similar consumer policies of its competitors) does not comply with European law, the implication is that the policy is even more of a non-starter where public sector customers are concerned. The solution that I recommend is for all cloud service providers serving government and public sector customers to adopt dedicated privacy policies for these customers that expressly ban the data mining and user tracking techniques used by the ad-driven consumer cloud services such as Gmail, Hotmail and Facebook.

More information

Post a comment

Sign in to comment.

Not yet registered? Join the debate