In the latest sign of growing apprehension in some quarters, as Google Inc. is facing the wrath of privacy advocates once again over concerns that it is not posting its privacy policy “noticeably” enough on its home page to comply with California law.
An alliance of 14 privacy and consumer groups sent a strongly phrased letter to Google Chairman Eric Schmidt, charging that Google is violating California law by failing to post a prominent link on its home page to its privacy policy.
“Google’s reluctance to post a link to its privacy policy on its homepage is alarming,” wrote the groups in a letter to Google CEO Eric Schmidt dated Tuesday. “We insist on you to comply with the California Online Privacy Protection Act and the widespread practice for commercial Web sites as soon as possible.”
The search engine giant is being asked to mention the word “Privacy” alongside other information links.
“It is a short, seven letter word and in the world of privacy it is a very important word,” said Beth Givens of Privacy Rights Clearinghouse.
The privacy group said Google does not want to congest its famously austere home page with a privacy link.
The issue has been gathering momentum following a series of blogs in the New York Times questioning Google’s compliance with the California Online Privacy Protection Act of 2003.
In essence, the law calls for any commercial website that collects personal information about its users to “conspicuously post its privacy policy on its website”.
Google asserts that it already does and that its privacy policy can be found by going through its search engine or by clicking on “About Google”.
Ms Givens, of Privacy Rights Clearinghouse, said: “I carried out the tedious exercise of finding [Google’s] privacy policy and it is not easy. It is not intuitive and it is not a couple of clicks. You have to work at it.
“The Google privacy policy consists of five pages. It is something I think they would be proud to point to. It is a hefty privacy policy.”
The signatories signing the letter include the American Civil Liberties Union of Northern California, the Center for Digital Democracy, the Center for Financial Privacy and Human Rights, Consumer Action, Consumer Federation of California, the Electronic Frontier Foundation, the Electronic Privacy Information Center, the Identity Theft Action Council of Nebraska, Knowledge Ecology International, Privacy Lives, the Privacy Rights Clearinghouse, Privacy Times, the U.S. Bill of Rights Foundation and the World Privacy Forum.
Google is no alien to the criticisms of privacy advocates, many of whom worry about the sheer volume of consumer data it has access to. Its recent acquisition of DoubleClick compounded those fears.
As the accessibility of its privacy policy comes under fresh scrutiny, however, Google upholds that it has done nothing wrong.
What is not exactly apparent is whether Google is actually doing anything unlawful. Google, for its part, disagrees with such assertions.
When asked for its response to Tuesday’s letter, Google provided News.com with the following statement:
“We support the view that privacy information should be easy to access, and we believe our privacy policy is accessible without delay to our users. Just as importantly, privacy information should be easy to understand.”
Therefore, other than offering a Privacy Center with our privacy policy and additional important information, we also created a YouTube privacy channel with videos explaining our practices and products, ran an ad campaign to draw consumers to our privacy information, posted several blogs that explain our privacy practices in detail and posted detailed frequently asked questions to help consumers understand the complex aspects of privacy. Privacy policies can be complex and not consumer friendly. “To truly help consumers understand privacy, our goal is to provide accessible and useful information.”
Marc Rotenberg, executive director of the Washington-based Electronic Privacy Information Center (EPIC), also a staunch supporter of the coalition, said the letter was prompted by Google’s response to a series of articles in the New York Times questioning the lack of a homepage link. In those articles, Google seemed to indicate that it didn’t need to put a link to its privacy policy on its home page, and that doing so would clutter the page, Rotenberg said. The company also seemed to be saying that while there was no to its privacy policy from the homepage, the policy was easily accessible to those who wanted it.
Google spokesman Steve Langdon said last week that the “reasonable person” clause and other feature of the law protected the Mountain View, Calif.-based company.
Joanne McNabb, chief of California’s Office of Privacy Protection, said the difficulty in responding to questions such as whether a reasonable person would notice the link to the privacy policy was why “it makes more sense not to focus on nit-picky statutory requirements.”
The point, McNabb said, was to try to establish best practices. And a link from the home page is “beyond a best practice,” she said, it is standard practice.
In an e-mailed statement, a Google spokeswoman said the company supported the vision that it was important for consumers to easily find privacy policies. However, the statement gave no indication that Google has any plans to put a link on its home page.
“By simply typing [Google Privacy Policy] into the Google search engine, consumers can easily find not only our privacy policy, but additional information about privacy,” the statement said.
Eric Goldman, director of the High Tech Law Institute at Santa Clara University School of Law, said it is not clear whether Google is in violation of the California law referenced by the privacy advocates. “I think bright minds would disagree about whether Google is in compliance with its current implementation,” he said.
The chief of California’s Office of Privacy Protection, Joanne McNabb, told the New York Times that her office plans to "recommend" that Google link to its privacy policy on its home page. She was quoted as saying, "Why not? It’s only seven letters."
But McNabb also said her office isn’t tasked with interpreting the law and can’t do anything more than make recommendations.
For the privacy groups who sent the letter on Tuesday, the answer is clear.
"The straightforward reading of that law is that Google must place the word ‘privacy’ on the Google.com Web page linked to its privacy policy," they wrote. "Moreover, just about every major company that operates a Web site places a link to its privacy policy on its home page."
Despite criticism from privacy groups, Google has undertaken efforts designed to make its privacy practices more digestible to its users in recent months, including launching a channel on its YouTube subsidiary filled with videos aimed at explaining what sort of user data its products use and store.
In a conference call with reporters Tuesday, representatives from the privacy groups said they had not attempted to reach a resolution privately with Google before publicizing their letter, which they acknowledged was prompted by the New York Times pieces. Electronic Privacy Information Center director Marc Rotenberg suggested such a move wouldn’t have accomplished anything different than would a public letter.
So why not go the next step and file a lawsuit challenging Google’s privacy policy practices as a violation of California law? Rotenberg said the groups opted to send a letter instead in hopes that their gripes can be "quickly resolved" through subsequent discussions with Google.
“If Google decides it does not have to comply with the California law,” Rotenberg said in response to a question from CNET News.com. “It does raise some very troubling questions, and we would have to decide what to do next.”
“In the meantime it remains to be seen whether the privacy groups’ charges lead any further than a simple request made to Google.”