Today I read on the news that Google promotes a global standard of privacy legislation across countries. A Google representative has met with the UNESCO to discuss the issue.
Clearly, for Google, privacy laws can represent a barrier for their business model. This is true for several similar organizations: Yahoo, Altavista, LinkedIn, Facebook and so many others whose business is to handle information, promote targeted advertisement or collect personal information to customize services for customers.
These companies are often criticized for paying little to no attention to privacy concerns of their customers and users. However, such criticism is flawed, as this article will show.
People and businesses alike have benefited immensely from the Internet, and some of the key Internet “utilities” making Internet extremely useful and attractive are precisely the services that those companies provide (whether free of charge or not).
The list of advantages is rarely disputed: efficient and fast communication, immediate access to large pools of information about just about any subject, the ability to find it, customized content to one’s liking.
One typical criticism of Google, Yahoo and others is their compilation, storage and use of information about their users, without the users’ knowledge or consent. Critics argue that these companies can read users’ email, can track usage patterns of given users, and in the end can control what people do on the Internet or their personal lives.
However, these are weak accusations, if closely examined: social and business interactions, whether on the Internet or in real life, inevitably imply that one party in the service exchange obtain some information about the other party. If I borrow a book from the library, the librarian sees what I am reading; when I buy produce in the supermarket, the cashier knows what I am eating; when talking with friends about every day life, we mutually exchange information about each other’s habits.
In other words: “privacy” is merely utopia.
Thanks to computers, information collected from such interactions can be stored and processed automatically. This is the only difference between Internet-age personal, business and social interactions and non-Internet interactions.
It is true that on the Internet, “privacy” is harder to maintain or assure. This is not, however, reason enough to introduce legislation that “protects” privacy. Why does privacy individuals have to be protected by state or national laws? The only effective measure to protect privacy is in the hands of the individual: It is up to individual human beings whether to share or not information about themselves with businesses or other people. Plenty of services nowadays require lots of private and personal information from people to enjoy or use those services, but people are not forced to use those services.
Once we share our “private” information with others (on the Internet or outside), it is nearly impossible to control its use and dissemination by other. This is a fact everyone has to accept, however uncomfortable it may be.
Therefore, the privacy debate over on-line services is flimsy. Utopia cannot be achieved. Business models based on personal information processing would be impossible if privacy were to be preserved at all cost. On the other hand, while privacy is not to be ignored for the sake of business, the services and the benefits that those businesses have brought to the large public are worth downplaying privacy’s importance.
At the end of the day, it is nothing but a question of balance between an individual’s desired level of privacy and their desired level of interaction and interrelation with other people or with businesses. You can’t have your cake and eat it too.
Introducing privacy-protecting legislation might be useful if it truly thwarted fraud and identity theft attempts on people, but currently it does not. It only results in a burden and a headache to comply with, while providing no real value. People are no more protected by these regulations. In Spain, for instance, companies allocate money in their annual budgets to pay for the foreseen fines they are going to be imposed for non-compliance with personal data protection laws. They have realized it is much cheaper to pay the fine than to comply with the law. Clearly this means the law is useless in protecting data, and serves only as a fine-collecting instrument for the Government.
Google is therefore right to advocate for minimum global standards in privacy protection [Reference]:
- The global aspect is imperative: In a global Internet, any regulation short of being global is useless. We’ve seen how phishing, spam, and other plagues flourish through the cracks of cross-country legislation.
- The minimum aspect is key as well: Governments should only intervene to prevent abusive conduct, and should refrain from trying to protecting people as a whole on every particular issue. As I pointed out earlier, privacy is first and foremost a personal issue, and it is best protected from that personal domain. Legislation should concentrate on a minimum set of requirements, and it should define clear, hard sanctions for offenders.
In their current form, privacy and data protection laws are yet another bureaucratic bad idea born out of good intentions, implementing a bad approach to the problem.