In an interesting survey of Google’s difficulty balancing privacy and search ubiquity, CNet reporter Elinor Mills has done an excellent job in chronicling the tensions. I commend the article to your reading.
I do have one criticism, however: she didn’t mention Google’s lack of a Privacy Officer as an issue contributing to Google’s litany of privacy miscues. Frequent readers of this blog know that it’s one of my pet issues, and a critical component of why I believe Google still doesn’t “get it,” and why they will continue to have trouble.
I sent Elinor some feedback, which you can read below. Perhaps the next time Google stumbles on privacy — just a matter of when, not if — people will begin to focus on the underlying reasons for why Google stays on the cutting edge of privacy scandal.
Here’s the feedback I sent:
Subject: FEEDBACK:Google balances privacy, reach
I enjoyed your piece today about the mounting privacy concerns at Google. It’s something I’ve been concerned about for quite a while, and have written about extensively in my blog, http://www.privacyclue.com.
My only criticism of your piece was that I didn’t see you mention their lack of dedicated privacy personnel, such as a Privacy Officer. Most major companies have such a position, but Google doesn’t. hey considered hiring a Privacy Officer back in 2001, but concluded that they didn’t need one — they thought the “do no evil” ethos would insulate them from privacy issues. As a result they have no one looking at privacy as a strategic issue, and the consequences show every time they’re surprised by user concerns over some new practice.
As the world’s first corporate Chief Privacy Officer, and one who has helped many of the nation’s major corporations hire and train their privacy personnel, I’m still appalled by Google’s myopia on this score. Contrary to the headline of your piece (which I know you probably didn’t write), privacy and reach shouldn’t need to be balanced if both are guiding principles and working objectives. It’s only a zero-sum game if you’re not applying creativity to the search for solutions. Unfortunately, when there’s no CPO, nobody is being assigned the task of finding those solutions every single day.
You might find a couple of my recent blog entries interesting if you care to explore these issues further:
Google’s CEO: ‘We Still Don’t Get It’
(In which I discuss the difference between “do no evil” and Doing Good.)
Google Launches New Privacy Controversy
Privacy Wanes when Bloggers are Muzzled
(In which I analyze Google’s blogging policy.)
Update: 7/15 I stand corrected, thanks to these lovely new shoes Elinor Mills sent me… Seriously though, Elinor pointed out that I missed a couple of sentences where she discusses the privacy officer issue, and even asked Google about it. So bravo for raising the question!
Elinor quoted Google’s rep, saying that the company has several attorneys on staff who deal with privacy issues among other issues. For this reason I do still stand by my criticism of Google.
These problems are precisely why most companies have separated out the privacy issues into a separate position, the Privacy Officer, and sometimes into a separate department. When I created the world’s first corporate Chief Privacy Officer position, we specifically separated the duties from those of the in-house legal team, so that the position could be truly focused on privacy matters.
In-house counsel is a very important part of the equation, but counsel is searching for the minimum necessary for legal compliance, and as a result isn’t always looking for other red flags, such as those that will create PR issues. A specialized Privacy Officer often has the kind of hybrid skill set — including marketing, technology, public relations, and public policy — that prepares them for tackling issues that are more complex than mere regulatory compliance. There’s lots of stuff that a company can do that’s legal, but still dumb. Speaking as a lawyer, I know first-hand that most good lawyers can help you avoid legal problems, but fewer lawyers can help you avoid looking bad while you do it.