The Norweigan ICT minister Heidi Grande Røys just recently advertised a large national push for open source and open standards projects all over Norway. A national competence center for open source was also recently founded by a group of trade associations, municipalities and national government agencies. The objective of the center is to promote openness in projects as well as to make sure that institutions and support exists to sustain long-term development for open source. The Norweigan government also recently declared that they will only use open standards for government information, with the Open Document Format identified as the main alternative.In September the Dutch Secretary of State of Economic Affairs, Frank Heemskerk, and the Dutch Secretary of State of Internal Affairs, Ank Bijleveld-Schouten, published the Action Plan Open Standards and Open Source Software. This plan, which sets the agenda for the public sector to use open source software from 2008 and a requirement to apply a "comply-or-explain and commit" principle for open standards, is a follow-up of the national competence center that was founded a couple of years ago.
When the plan was discussed in the Dutch Parliament on December 12, some political parties went beyond simply declaring their support and stated that the price of hardware and software should be unbundled and requested a legal obligation to use open source software. Heemskerk did not favour a legal obligation, but promised to set-up a hotline where complaints can be filed. On that same date Heemskerk also published a letter in the Financiele Dagblad that reiterated the commitment of the Dutch government to open standards and open source software, also based on the notion that this will reduce administrative burdens.
Germany has also had a long-standing involvement in open standards and free software. Prodded by a very active developer base and the oldest and largest industry association for free software, the Linux-Verband, the German government was the first to fund free software development with its support for GnuPG as early as 1999. Free software is recommended by the German Agency for Security in Information Technology (BSI) and adoption ranges from the German Foreign Ministry, which introduced free software to secure its lines of communication with all embassies around the world in 2003 and started using GNU/Linux on the desktop in 2006, over municipalities like Munich to regions like Friesland. Much of this adoption is driven by strategic considerations and security by transparency. Control of infrastructures, freedom of choice, markets and political independence are other driving factors of this evolution. It is hardly surprising then, that the German Foreign Ministry recently came out in strong support of the Open Document Format.
However, our support for the emergence of the APEC Privacy Framework has generated some criticism, which I'd like to address. The APEC Privacy Framework was inspired by the OECD Guidelines on the Protection of Privacy and is concerned with ensuring consistent and practical privacy protection across a wide range of economic and political perspectives.
At the core of the APEC framework is an entirely new privacy protection principle that does not exist in the regulatory frameworks of the 80s and the 90s: the “preventing harm” principle. The starting point is that personal information protection should be designed to prevent the misuse of that information. Since the greatest risk of that misuse is harm to individuals, we need a set of rules that seek to prevent that harm.
Using the reasoning of the APEC framework, global privacy standards should take account of the risks derived from the wrongful collection and misuse of people’s personal information and be aimed at preventing the harm resulting from those risks. Under the “preventing harm” principle, any remedial measures should be proportionate to the likelihood and severity of the harm. Some critics have said that the APEC framework is ambiguous and that the “preventing harm” principle does not look at privacy protection from the point of the individual. However, the focus of the “preventing harm” principle is precisely the individual and what is perceived as harmful by that individual.
Others see the APEC framework as the weakest international framework in this area and support the original OECD Privacy Guidelines because they are based on a simple approach to privacy protection. But is this approach a valid one to address the challenges of the Internet age? In today’s world, virtually every organisation – public or private, large or small, offline or online – relies on the collection and use of personal information for core operational purposes.
At the same time, regulators around the world are acknowledging the fact that they have limited resources to deal with all aspects of personal information protection. And three-quarters of the countries in the world still don't have meaningful privacy regimes in place. We believe that the APEC framework is the most promising foundation to advance privacy protections in those countries. What is wrong then with looking at this very practical challenge in a practical manner and trying to prioritise what really matters to people in an objective, yet flexible, way?
Fortunately, some regulators are also looking at the “preventing harm” principle as a valid way forward. The UK Information Commissioner recently published its data protection strategy which emphasises the need to make judgments about the seriousness of the risks of individual and societal harm, and about the likelihood of those risks materialising. The strategy document goes on to say that the UK regulator’s actions will give priority to tackling situations where there is a real likelihood of serious harm.
Using this approach, the key issue for policymakers and regulators is to figure out what is (or can be) harmful and what isn’t. Sure, identity theft and spam are bad. But is targeted advertising harmful or beneficial for consumers? What about the use of cookies to remember consumers’ preferences or computer settings? Do they make life easier or are they a harmful consequence of our online activities?
Let's say you're looking for some publicly available government information online. Maybe you're searching for property records or background on your local school district. Chances are, you'll start your quest not by typing in the URL of a government agency website, but by visiting Google or another search engine. Unfortunately, that may not produce the results you're looking for. In fact, much of the content that government agencies make available on the web (about half, by our estimates) doesn't appear in search results because of the way many government websites are structured.
Implementing Sitemaps is an easy way for government agencies to make their online information and services more visible and accessible to the citizens they serve. We’ve already worked with states like Arizona, California, and Virginia, and federal agencies in the Departments of Agriculture, Energy and Health and Human Services. We've also supported the sitemapping of large databases by Library of Congress and National Archives and Records Administration.
We welcome this Senate legislation and encourage governments at all levels to participate in this effort to become more transparent and accessible to citizens.
Fascinated by the twists and turns of the upcoming FCC spectrum auction? Can't get enough of the Digital Millennium Copyright Act? Passionate about online freedom of expression issues? If you're a undergraduate, graduate, or law student interested in in the world of tech policy, or know someone who is, keep reading.
We’re excited to announce the launch of the Google Policy Fellowship program, our effort to replicate the success of our Summer of Code program in the public policy sphere and to support students and organizations doing work important to the future of Internet users everywhere.
Those selected as fellows will receive a stipend to spend ten weeks contributing to the public debate on technology policy issues -- ranging from broadband policy to copyright reform to open government. Participating organizations for our beta summer of 2008 include the American Library Association, Cato Institute, Center for Democracy and Technology, Competitive Enterprise Institute, Electronic Frontier Foundation, Internet Education Foundation, Media Access Project, New America Foundation, and Public Knowledge.
Check out more details and the application, which is due by January 1, 2008. And please help us spread the word!
At the same time, one of the most powerful aspects of the Internet is its ability to personalize information for each particular user. Personalization allows consumers to receive the information, content, and products they want. The same holds true for online advertising. Targeted online advertising benefits consumers by showing them ads that are useful, relevant, and pertain to their particular interests.
California has a way of inventing things that turn out to be popular around the world (hey, not just Google). California passed the first so-called security breach notification law, in 2002. To date, 39 U.S. states have enacted laws that require notice if some form of personal information is compromised in a data security breach.
Since then, the trend has gone global. In August, the Office of the Privacy Commissioner of Canada issued guidelines on how to handle a security breach, which are just that – guidelines – but provide sensible recommendations for the handling of security breaches, including the notification to affected individuals where a breach creates a risk of harm. The logic behind the Canadian approach is that prompt notification to individuals in these cases can help them mitigate the damage by taking steps to protect themselves. New Zealand has followed a similar line by issuing guidelines on how to handle privacy breaches, which also focus on the role of notification to avoid or mitigate harm to individuals.
This trend is about to come to Europe too. The European data protection directives do not have any express provisions requiring companies that have suffered some sort of security breach to notify the individuals affected. The traditional thinking is that Europe does not need such a measure because there is already a well known obligation that calls for the adoption of appropriate technical and organisational measures to protect personal data against security breaches.
However, a European Commission consultation document of 2006 hinted at the prospect of security breaches notification obligations for providers of electronic communications networks and services, on the basis that network operators and ISPs, as the gatekeepers for users’ access to the online world, carry a special responsibility in this regard. This was followed by recommendations made by the Article 29 Working Party to extend those obligations to "data brokers," banks and other online service providers. The Working Party went on to say that for important breaches, all customers of the communications provider – not just those directly affected – should be informed.
The European Commission is now expected to include a formal proposal introducing mandatory security breach notifications or otherwise, into its review of the EU’s e-communications regulatory framework. Bearing in mind the experiences in other parts of the world and the latest thinking in jurisdictions like Canada and New Zealand, the risk of harm to the individual should be a determining factor in triggering notification obligations. Otherwise, the real risk is to trivialise notification obligations to such an extent that they become meaningless and ineffective in terms of data protection. In fact, the potential damage to consumers of a blanket notification obligation could be twofold: on the one hand, it can create unjustified anxieties and on the other hand, it may result in a lack of proper attention to more serious incidents.
A recent article about our treatment of a political ad placed on Google suggested that we make decisions about advertising content based on the political viewpoint of the advertiser and the ad. This is simply untrue. We do not accept or reject ads based on the political opinions expressed in the ads or the political views of the advertiser.
Let me explain the facts behind the matter and the policy behind the decision.
Recently, representatives of Senator Susan Collins' Senate re-election campaign tried to place an ad on Google that included a reference to MoveOn.org, a political group. The text of this ad was rejected by our system because of our trademark policy, not because of its political content.
Under our trademark policy, a registered trademark owner may request that its mark not be used in the text of other parties' ads. Some time ago, MoveOn.org submitted a request to Google that its trademark not be used in any ads, and as a result our advertiser support team offered instructions on how Senator Collins' campaign could edit and resubmit its ad.
Any company or organization -- regardless of political affiliation -- could do what MoveOn did and thereby prevent advertisers from running ads that include their trademarks in ad texts. And that's very important. The ad in question could have said that MoveOn.org was great, or even just so-so, and our policy would have resulted in the same outcome; Google would have asked the advertiser to drop the trademarked phrase.
Our trademark policy is considered one of the least restrictive in the industry. It strikes a balance among the interests of users, advertisers, and trademark owners by leaving it up to trademark owners to notify us of restrictions on their registered trademarks. Any entity that demonstrates to us that it owns trademark rights can request that its trademarked terms not be used in the text of Google ads.
We are committed to fairness and freedom of expression, and we recognize that the nature of political advertising is to inspire debate. We look forward to engaging in this debate in an open and transparent fashion, and we encourage political candidates and campaigns to contact our elections team with any questions they may have about our policies.
