Few days back Privacy International has published a report on "Privacy Ranking of Internet Service Companies". This report has been prepared by Privacy International following a six-month investigation into the privacy practices of key Internet based companies. The ranking lists the best and the worst performers both in Web 1.0 and Web 2.0 across the full spectrum of search, email, e-commerce and social networking sites. The analysis employs a methodology comprising around twenty core parameters. Google Inc performed very poorly, scoring lowest among the other major companies that were surveyed. Microsoft scored an overall better result than Google in the rankings.
The report was compiled using data derived from public sources (newspaper articles, blog entries, submissions to government inquiries, privacy policies etc), information provided by present and former company staff, technical analysis and interviews with company representatives. Because the 2007 rankings are a precedent, Privacy International will regard the current report as a consultation report and will establish a broad outreach for two months to ensure that any new and relevant information is taken into account before publishing a full report in September.
Which companies?
The survey was limited to online service companies. Privacy International has created a list of consumer-facing companies based on a number of 'top 50', 'top 100', and 'top 500' resources using criteria including:
- Market share
- Services offered
- Number of users
- Site traffic
- Amazon
- AOL
- Apple
- BBC
- Bebo
- eBay
- Friendster
- Hi5
- Last.fm
- LiveJournal
- Microsoft
- Myspace
- Orkut
- Reunion.com
- Skype
- Wikipedia
- Windows Live Space
- Xanga
- Yahoo!
- YouTube
"Categorizing companies has become increasingly difficult. The amount of mergers and acquisitions sometimes makes it quite difficult to differentiate stand-alone companies from conglomerates. We had to judge when it was appropriate to differentiate between companies and services. For instance, Windows Live Space is part of Microsoft, but because it offers services that are quite specific and because of the size of the user base, we took the decision to treat it as a distinct organisation. Meanwhile, Google is a company comprising many services, but its practices and ethics are very much part of its brand and image as a whole, and so we treated it as one single entity. We ranked Orkut as a separate entity even though it is owned by Google."
Methodology
In wide consultation with experts from around the world we were able to identify the following ranking categories for analysis:
1. Corporate administrative details
2. Corporate leadership
3. Data collection and processing
4. Data retention
5. Openness and Transparency
6. Responsiveness
7. Ethical compass
8. Customer and User control
9. Fair gateways and authentication
10. Privacy enhancing innovations and Privacy invasive innovations
Why Privacy nternational placed Google at the bottom ?
As per Privacy Internation, Google's specific privacy failures include, but are by no means limited to:
- Google account holders that regularly use even a few of Google's services must accept that the company retains a large quantity of information about that user, often for an unstated or indefinite length of time, without clear limitation on subsequent use or disclosure, and without an opportunity to delete or withdraw personal data even if the user wishes to terminate the service.
- Google maintains records of all search strings and the associated IP-addresses and time stamps for at least 18 to 24 months and does not provide users with an expungement option. While it is true that many US based companies have not yet established a time frame for retention, there is a prevailing view amongst privacy experts that 18 to 24 months is unacceptable, and possibly unlawful in many parts of the world.
- Google has access to additional personal information, including hobbies, employment, address, and phone number, contained within user profiles in Orkut. Google often maintains these records even after a user has deleted his profile or removed information from Orkut.
- Google collects all search results entered through Google Toolbar and identifies all Google Toolbar users with a unique cookie that allows Google to track the user's web movement.17 Google does not indicate how long the information collected through Google Toolbar is retained, nor does it offer users a data expungement option in connection with the service.
- Google fails to follow generally accepted privacy practices such as the OECD Privacy Guidelines and elements of EU data protection law. As detailed in the EPIC complaint, Google also fails to adopted additional privacy provisions with respect to specific Google services.
- Google logs search queries in a manner that makes them personally identifiable but fails to provide users with the ability to edit or otherwise expunge records of their previous searches.
- Google fails to give users access to log information generated through their interaction with Google Maps, Google Video, Google Talk, Google Reader, Blogger and other services.
An Open Letter to Google by Privacy International
No comments:
Post a Comment