
Google legal chief: privacy laws too hard on SMBs

EU

By Stewart Mitchell

Posted on 25 May 2012 at 16:29

Google’s chief lawyer has launched a tirade against Europe’s proposals to increase regulation of data.

Writing on his personal blog, Peter Fleischer said plans to clamp down on how big companies, such as Facebook and Google, handle data would be disastrous for small and medium businesses.

Google is currently facing European probes into a variety of privacy issues and Fleischer said data rules intended to control large companies would trickle down and result in a barrage of complicated regulation and red tape.

“Politicians are furiously running around giving media interviews about how this will rein in Facebook or Google, as though all of Europe's privacy laws should be written for one or two companies,” he wrote on his personal blog.

“Trying to write a privacy law to 'rein in' Google or Facebook is a sure recipe for writing a bad privacy law that would apply to all companies in Europe.”

Citing ongoing discussions among European officials to impose data-breach notification, fines for “routine” data protection lapses and a requirement to have data protection officers, Fleischer said SMEs would struggle to meet their requirements.

“For big companies, it's not a big deal if the data protection 'compliance tax' increases by a few million ‘new pesetas’ or ‘new lira’,” he said.

“Frankly, I wonder how an SME could possibly deal with this paperwork and process torrent, and how they're supposed to pay for it.”

User comments

Piffle

As a data protection officer for a medium sized business, it isn't that difficult. You just need to ensure that your data is properly protected and the correct safeguards are in place.

The laws aren't that difficult to understand or to conform to - unless you want to do something you aren't supposed to do with the data.

It is more of a headache for large Internet companies whose income depends on sharing customer data and mining it to generate revenue. That is where the problems really lie.

If a company approaches personal data privacy as the core of their data systems, it isn't difficult to comply.

If a company approaches personal data privacy as a wall to successfully exploiting its userbase, then yes, they will have problems complying.

I think this is much more along the lines of European companies know their customers care more about privacy, whilst American companies are used to the lax US legislation that promotes the exploitation of its citizens in the chase of the almighty dollar.

Big US companies trying to come over to this side of the Pond and using those same tactics always end up with a surprised look on their faces, when they put their own greed before their users' privacy.

By big_D on 26 May 2012

Additionally...

"Citing ongoing discussions among European officials to impose data-breach notification, fines for “routine” data protection lapses and a requirement to have data protection officers, Fleischer said SMEs would struggle to meet their requirements."

That is FUD. Small businesses won't need a DPO, the law only affects companies with more than 25 data processing employees.

The DPO is a secondary role (and in Germany, where I work, the DPO has special protection under the law - to enable him to do his job and tell the directors that they need to change things, without fear of retribution, he is protected from being sacked under normal conditions during his tenancy and for 2 years after his role ends and somebody else takes over the role).

By big_D on 26 May 2012

If it's not hurting, it's not working...

I'm deeply touched that Google's 'chief lawyer' has the best interests of SMEs so much at heart. Fair warms the cockles of me 'eart.


As Big_D eloquently points out, this is classic corporate FUD: using SMEs as a proxy for their own concerns.

As Thatcher famously said 'If it's not hurting, it's not working' and clearly Google's pips are starting to squeak......

By wittgenfrog on 27 May 2012

Whose data is it?

Anyone would think that the data belonged to them.

My data is MINE it is PRIVATE and I do NOT give anyone permission to use it without my explicit approval.

Google and Facebook, like the majority of British business, started life on the internet believing they could track people and mine data without permission.

Like PPI, it was not explained, it was not asked for, and was not wanted. I would call it technical hacking, because it places non-requested code and trackers into a Personal Computer.

Any company should obtain explicit permission from a user, before collecting data. Unfortunately the British Authorities charged with user data protection [Information Commissioner's Office, ICO] has said they will not fine anyone who has gone some way to complying with the EU Cookie Rules. (Already postponed for 12 months because business was not able to comply.)

While "Chocolate Fire Guard" comes to mind, I wonder if the ICO does not realise they may be causing an EU Offence in NOT enforcing these new Laws?

Turning a "blind eye" to a crime is also called "Perverting the course of Justice".

By lenmontieth on 28 May 2012

@lenmontieth

No, it isn't necessarily your data. If it is Facebook or GMail, it is your data. That is the problem, spreading their FUD, Google and Facebook make it sound like it is "your" data, rather than data about you held by companies.

For "normal" companies, it is their data - a "record" in their database with your customer number, name, address, payment details and purchase history, for example, or your personnel record at work.

Under EU law, the company has to ensure that this data is only viewed by authorised users (i.e. sales team can see your customer data, but administrators, personnel department etc. cannot see it, or can only see a defined subset which they need to do their job).

The DPO in a company is responsible for auditing IT systems, their security and their use and ensuring that they comply with EU law.

By big_D on 29 May 2012

PCPro-Computing in the Real World Printed from www.pcpro.co.uk
