Not a week seems to pass without news coverage of one of the Internet giants falling short of consumer privacy expectations. Microsoft has seen Hotmail hacked – a Russian hacker claimed to have acquired 6.5 million usernames and passwords – and Facebook has inadvertently published ‘private’ messages on public timelines.
And most recently it has been Google’s turn. Yesterday The New York Times discussed, in an interview with Isabelle Falque-Pierrotin, head of the France’s data protection agency, the focus on Google that has come as a result of a French led investigation by European data protection agencies.
There are two issues that I think CXOs will want clarity on. First, what exactly is all the fuss about? And second, how does this affect my business?
Part of the problem comes with the sheer breadth of services available from Google, which gives rise to a multitude of opportunities to gather and leverage customer data. Quite apart from its ubiquitous search engine, Google owns YouTube, Picassa, Chrome, Blogger and numerous services that can be used and signed up for singly or together – such as Gmail, Drive, Docs, Maps, Analytics, Adwords and the Doubleclick Ad Server. Then there is the Android mobile operating system.
If it wasn’t obvious before, that list should make pretty clear the range of data, from personal to business, that Google has access to – and therein lies the root of the current row.
Google has been doing what any smart business should be doing; making use of the data it holds to deliver a more relevant experience for its users. So, for instance, if customer X has a Gmail account as well as a YouTube account and signs in to Chrome so that he can customize a newsfeed, Google figures it makes more sense that X is treated as one person rather than three – that way it can deliver a more relevant and integrated service… oh and it can deliver more relevant advertising which is more valuable to advertisers – let’s not forget that, in the end, advertising is the reason why almost all Google’s services are provided at no charge to the user.
But the data watchdogs of Europe are concerned that, in their words, “[Google] provides insufficient information to its users, especially on the purposes and the categories of data being processed. As a result, a Google user is unable to determine which categories of data are processed in the service he uses, and for which purpose these data are processed.”
The point is Google is bringing siloed data together. Along with behavioral information gathered from across its network of services, that adds up to a lot of data – all of which can be mined and monetised. Good data management, CRM and BI practice you’d have thought – but not good, or at least not adequate, data privacy protection as the comments suggest.
But how does this affect your business and what has this got to do with organisations that do not have multifarious services spanning the globe?
As we discussed in a our post about EU Data Protection back in March, the EC is planning significant data protection changes – changes that will have a substantial impact on businesses within and outside the EU. Any business processing data about citizens – and this might just mean it ‘passes through’ your network – will have obligations under the new proposals.
I believe there is some muscle flexing going on. Europe seems to be sending out a message of ‘careful how you go’, a sort of tenderizing of the market before we all have to fall firmly in line with the new requirements.
So it seems likely that, in addition to those annoying cookie messages, European consumers will also find themselves repeatedly answering questions about how they want, or do not want, their data to be used. Businesses operating in Europe will find they will have to expend serious effort and resources ensuring that they do not fall foul of pending data privacy legislation.
What do you think about imposing tighter data privacy legislation? Comments welcomed below.
Coming up soon we’ll be looking at BYOD in schools, the Private Cloud and…. The Raspberry Ripple – yes you read that correctly!