California Privacy Chief Says Google Should Improve Disclosure

It appears that one of the key "battle fronts" in the fight to protect privacy in the information age will be within the health industry. Whether its protecting your private prescription drug records from third party drug marketing and pharmaceutical companies or storing your most private health information in new products like Google Health (which doesn't have to abide by the same privacy protection rules as does government).

I have discussed in the past the privacy risks involved in using Google Health, but now in California, privacy advocates are up in arms about another aspect the product...it doesn't provide a link to its own privacy policy on its home page.

The problem is that the California Online Privacy Protection Act of 2003 requires the operator of a commercial Web site that collects personal information about users to “conspicuously post its privacy policy on its Web site.” As a reporter asked in the New York Times, "How conspicuously? The site needs to link to the policy “located on the homepage or first significant page after entering the Web site...

"Privacy experts say Google is under the microscope because it collects and retains so much information about so many people."

“It wouldn’t be a big privacy issue if it wasn’t Google saying everyone else may be doing this but we don’t need to,” said Marc Rotenberg, the director of the Electronic Privacy Information Center.

The New York Times Reports:

Ms. McNabb was blunt in her assessment that, on this matter, Google should be doing a lot more. “Our recommendation is, make information about how personal information is used available very easily for people. That’s why our recommendation is, link to the privacy policy from the home page.”

...

Ms. McNabb said her office is going to reach out to Google in order to discuss the matter and press its recommendation. In the past, the office contacted Google about its service that allows users to look up the name and address of people based on their phone numbers. Google responded by making it easier for people to remove their numbers from this system.

EPIC, the Privacy Rights Clearinghouse, and the WorldPrivacy Forum are mobilizing the public to demand Google make these necessary changes.

Their request reads:

"If you have been following the recent news about Googleand the California privacy law, you'll know that there isa real concern that Google is not doing what just about every other commercial web site does -- link to a privacy policy on its homepage. "

The essential argument states:

"California law requires the operator of a commercial web site to conspicuously post its privacy policy on its Web site. The straightforward reading of that law is that Google must place the wordprivacy on the Google.com web page linked to its privacy policy.

Moreover, just about every major company that operates a web site places a link to its privacy policy on its homepage. While we do not believe that a privacy policy is a guarantee of privacy protection, it does represent a commitment by a commercial web site to inform users about the company's privacy practices.

Google's reluctance to post a link to its privacy policy on its homepageis alarming. We urge you to comply with the California Online PrivacyProtection Act and the widespread practice for commercial web sites assoon as possible."

More to come I'm sure...