Self-regulation often works better than legislation
As the information age becomes a reality for increasing numbers of people around the world, the technologies that underpin it are getting more sophisticated and useful. The opportunities are immense. For individuals, a great leap forward in their ability to communicate and create, speak and be heard; for national economies, accelerated growth and innovation.
However, these technological advances do sometimes make it feel as if our lives are now an open book. Credit cards record where we shop and what we buy. Mobile phones track our every movement. E-mails leave a trail of whom we “talk” to and what we say. The latest internet trends – blogs, video sharing sites and social networks – make it possible to share almost anything – photos, home movies, one’s innermost thoughts – with almost anyone.
That is why Google believes it is important to develop new privacy rules to govern the increasingly transparent world that is emerging today – and by new rules I do not automatically mean new laws. In my experience self-regulation often works better than legislation – especially in highly competitive markets where people can easily switch providers.
Search is a good example. Search engines such as Google have traditionally stored their users’ queries indefinitely; the data help us to improve services and prevent fraud. These logs record the search query, when it was entered, and the computer’s internet protocol (IP) address and cookie. An IP address is the number (sometimes permanent, sometimes temporary) that is assigned to a computer – it enables us to get the right results to the right screen. A cookie is a small file that, among other things, records people’s preferences – for instance, the language in which they like to have their search results.
While none of this information identifies individuals – it does not tell us who someone is or where they live – it is to some extent personal because it records people’s search queries. That is why Google has decided to cut off parts of the IP address and cookie after 18 months – breaking the link between queries and the computers they originated from. It is not unlike credit card companies replacing digits with stars on receipts to improve their customers’ security.
Other search engines have now followed suit, demonstrating that in an industry where trust matters companies are now competing on the best privacy practices as well as services. It is a great example of self-regulation at work.
Of course, that is not to say privacy legislation does not have its place in setting minimum standards. It does. At the moment, most countries have no data protection rules at all. Where legislation does exist, it is typically a mixture of different regimes. In the US, for example, privacy is largely the responsibility of the different states – so there are in effect 50 different approaches to the problem. The European Union, by contrast, has developed common standards but, as some privacy regulators in Europe have acknowledged, these are often complex and inflexible.
In any event, privacy rules in one country, no matter how well designed, are of limited use now that personal data can zip several times round the world in a matter of seconds. Think about a routine credit card transaction: this can involve six or more separate countries once the location of customer service and data centres are taken into account.
That is why Google is calling for a new, more co-ordinated approach to data protection by the international community. Consistent global privacy standards, based on transparency and user choice so that people can make informed decisions about the services they use, would have significant benefits.
First, they would give consumers more confidence that their data are safe, wherever they are stored. Second, they would create greater certainty for business, helping to stimulate economic activity and innovation.
Of course, developing any kind of global standard will not be easy – but it is not entirely new ground. The Organisation for Economic Co-operation and Development produced its own guidelines as far back as 1980. More recently the United Nations, the Asian-Pacific Economic Co-operation forum and the International Privacy Commissioners’ Conference have all focused on the need for a more unified approach.
The speed and scale of the digital revolution have been so great that few of us can remember how life was before we could communicate and trade 24 hours a day, seven days a week. And the benefits – in terms of improved access to information, increased freedom and higher economic growth – have been so great that most people who do remember the past would never want to go back.
The task we now face is twofold: to build consumer trust by preventing abuse and to create consistent, predictable rules that encourage future innovation. If we are serious about achieving these goals, it is time for us to get serious about agreeing on a global approach to privacy.
The writer is chief executive and chairman of Google
Return to internet news headlines
View Internet News Archive