Sun, May. 16, 2010

Google and Data Protection Laws Under Fire

CK - Washington.   Recently, German data protection officers opened themselves to ridicule when they fussed about Google's Streetview cars gathering WiFi-access point information. After all, anybody can collect that information. Most WiFi router broadcast identifying information openly. Many programs, including those distributed for free by the German federal internet security agency for the protection of government agencies, BSI, business and households on the BOSS CD, can display and collect not only identifying information but also the real-time wired and wireless data stream.

WiFi-identifying information is technical, similar to IP-addresses which also do not identify persons, and includes data such as the name of a network, a hardware number and the type of encryption. German data protection laws focus on personally identifiable information and permission. With or without permission, personally identifiable information is subject to strict rules its collection, storage and destruction.

Last week, Google disclosed that it had accidentally collected fragments from the wireless data stream that hit its Streetview vehicles. The media and data protection offials struck Google with even greater fury. Again, they may be mistaken because the fragments are highly unlikely to constitute personally identifying information, and no collection of such data has been alleged.

And again, the government-sponsored tools have long enabled anybody to collect much more information from the wireless data stream. The criticism of Google ignores the cornerstone of German law: Personally identifiable information and permission are not involved, unless the officials possess additional technical information on the Streetview program that they have not disclosed. As a result, Google's activities, now stopped, remained compatible with German law.

The Telemedicus blog analyzed the applicable legal issues objectively, in German, without the prevailing hostile attitude. In addition, it published an interview with German internet law professor Thomas Hoeren who finds fault in the key concepts of German data protection law.

Data sovereignty, he argues, should not be limited to personally identifiable information, a term coined in the 1960s and 1970s--decades predating broad access to the internet. In addition, he advocates a review of the permission concept that is reflected in the fine print of many internet sites and fails to adequately inform users of their exposure.


      CURRENT :: 2003 :: 2004 :: 2005 :: 2006 :: 2007 :: 2008 :: 2009 :: 2010 :: 2011 :: 2012 :: 2013 :: 2014 :: 2015 :: 2016 :: 2017