Google vows to push legal reforms to protect user privacy

Happy Data Privacy Day.

You didn't remember that it was Data Privacy Day? Google did, and as part of its recognition of the event, it posted Monday to its Official Blog a list of initiatives it's taking to protect consumers from intrusions on their privacy, as well as inform them about intrusive activity.

google privacy

"It's important for law enforcement agencies to pursue illegal activity and keep the public safe," wrote Google's Senior Vice President and Chief Legal Officer David Drummond. "We’re a law-abiding company, and we don’t want our services to be used in harmful ways."

"But it’s just as important that laws protect you against overly broad requests for your personal information," he added.

Google outlined three initiatives it's taking to protect its users' privacy and security.

  • Continue to work for modernization of the U.S. Electronic Communications Privacy Act (ECPA), which hasn't been substantially changed since its passage in 1986, when IBM introduced the first laptop computer and Intel debuted the 386 series processor.
  • Continue to work on making its reports on government requests for information more transparent. For example, today it added a new FAQ about the process and in its latest transparency report, it included new details about requests made by U.S. government agencies.
  • Continue to strictly review government requests for personal information of users. Last week, Google reported that more than two-thirds of requests it receives for user information in the United States are made without a search warrant approved by a judge.

According to Drummond, Google requires such warrants from criminal investigators seeking access to a user's search history or content stored in a user account—even though such demands conflicts with provisions in the ECPA.

Other Google measures taken to protect its users' information from unnecessary intrusions include requiring data requests be made in writing, challenging the scope of requests to make sure they're not overly broad, and notifying users of demands for their information so users can take their own legal measures to protect their data.

However, that's not always possible. For example, requests for information made under the Patriot Act, Foreign Intelligence Surveillance Amendment and in National Security Letters cannot be made public under penalty of law.

Data Privacy Day began in the United States and Canada in January 2008 and is observed each year on January 28. It's an offshoot of Europe's Data Protection Day, which celebrates the signing of the first legally biding international treaty on privacy and data protection signed in 1981.

Subscribe to the Security Watch Newsletter

Comments