Out-Law News 4 min. read
03 Jun 2008, 8:51 pm
Google's global privacy chief told OUT-LAW last year that he does not see a need for a link on the search engine's homepage. Today a spokesman for the company maintained that the company's privacy policy is easy to find.
The search engine's homepage is widely praised for its simplicity. When it launched almost 10 years ago, the absence of third party adverts on its homepage distinguished Google from competitors like Alta Vista, Excite, Lycos and Yahoo! But while Google became popular because it was better at finding information than its rivals, the difficulty of finding the company's own privacy policy has drawn criticism.
A coalition of US privacy and consumer organisations said in a letter sent today that Google needs to add a prominent link on its homepage to its privacy policy. This is required by California law and is the widespread practice of commercial websites, it said.
In the letter to Google’s CEO, Dr Eric Schmidt, the groups said: "We urge you to comply with the California Online Privacy Protection Act and the widespread practice for commercial web sites as soon as possible.”
One signatory, Marc Rotenberg, Executive Director of the Electronic Privacy Information Center in Washington, DC, said in a statement, "This is not rocket science. And the word 'privacy' is not got going to take up a lot of space on the Google homepage."
Other signatory organisations include the California-based Privacy Rights Clearinghouse, the World Privacy Forum, Consumer Action, the Electronic Frontier Foundation, the ACLU of Northern California, and the Consumer Federation of California.
The text of the open letter is reproduced below. It describes Google's approach as "alarming" and cites the California Online Privacy Protection Act, a law passed in 2004. That law requires all commercial websites that collect "personally identifiable information" from users in California to have a conspicuous privacy policy.
It states: "a text link that hyperlinks to a Web page on which the actual privacy policy is posted [is sufficient] if the text link is located on the homepage or first significant page after entering the Web site."
In Europe, a group of privacy experts published an opinion in April 2008 that also called for a link to a privacy policy from a search engine's homepage.
The Article 29 Working Party, an independent European advisory body on data protection and privacy, interpreted Europe's data protection regime as requiring such a link.
"Most internet users are unaware of the large amounts of data that are processed about their search behaviour, and of the purposes they are being used for," it wrote. "If they are not aware of this processing they are unable to make informed decisions about it. The obligation to inform individuals about the processing of their data is one of the fundamental principles of the Data Protection Directive."
"The information that has been supplied by search engines providers in response to the Working Party's questionnaire shows that important divergences exist," said the Working Party. "Some search engines comply with what is specified in the Directive, including links to their privacy policy both from the home page and from the pages generated in a search process and information about cookies. With other search engines, it is very difficult to locate the privacy policy."
"Users must be able to easily access the privacy policy before conducting any search, including from the search engine home page," it wrote.
Last July, OUT-LAW interviewed Google's privacy chief, Peter Fleischer. Asked why there was no link to the privacy policy on the front page of Google, Fleischer replied: "Google has a very sparse homepage. It’s one of the things that we’re very proud about. It’s kind of clean and zen-like. Last I counted I think we had something like 35 words on our homepage. On ours with only 35 words, we had to keep it very sparse. Now of course we’re a search engine, so anybody who wants to see our privacy policy can type 'Google privacy policy' and, trust me, it will come up as result number one. It’s not hard to find. We’re a search company. We don’t believe in pushing things into people’s face. We keep it easy and simple to find."
Google's privacy policy can also be found by following the homepage link entitled 'About Google' and then clicking a 'Privacy Policy' link at the foot of that page.
Google told OUT-LAW today that the company is refusing the request. "We don't have plans to change our homepage," a spokeswoman said.
"We share the view that privacy information should be easy to find, and we believe our privacy policy is readily accessible to our users," she said.
"Privacy policies can be complex and not consumer friendly," said the company's spokeswoman, who pointed out that Google offers a Privacy Center and a YouTube privacy channel with videos explaining the company's practices and products. "To truly help consumers understand privacy, our goal is to provide accessible and useful information," she said.
At the time of writing, links to privacy policies were on the homepages of Microsoft's Live.com, Yahoo.com, Altavista.com, AOL.com, Lycos.com and Excite.com. They were not present on the homepages of Google.com and Ask.com.
Dear Dr. Schmidt,
We are writing to you on behalf of California consumers and Internet users around the world to urge Google to include a direct link to its privacy policy on its homepage.
California law requires the operator of a commercial web site to “conspicuously post its privacy policy on its Web site.” The straightforward reading of that law is that Google must place the word “privacy” on the Google.com web page linked to its privacy policy. Moreover, just about every major company that operates a web site places a link to its privacy policy on its homepage.
While we do not believe that a privacy policy is a guarantee of privacy protection, it does represent a commitment by a commercial web site to inform users about the company's privacy practices.
Google's reluctance to post a link to its privacy policy on its homepage is alarming. We urge you to comply with the California Online Privacy Protection Act and the widespread practice for commercial web sites as soon as possible.
Sincerely,
