Last year, we signed a
settlement agreement with authors and publishers that, if approved by the court, will
unlock access to millions of books for anyone in the US. We reached another important milestone a few weeks ago, as University of Texas and University of Wisconsin-Madison announced new agreements with Google to broaden access to their collections under the settlement.
Recently, we've heard questions about our agreement and what it will mean for user privacy. Privacy is important to us, and we know it's important to our users, too. We have a strong
privacy policy in place now for Google Books and for all Google products. But our settlement agreement hasn't yet been approved by the court, and the services authorized by the agreement haven't been built or even designe
d yet. That means it's very difficult (if not impossible) to draft a detailed privacy policy. While we know that our eventual product will build in privacy protections -- like always giving users clear information about privacy, and choices about what if any data they share when they use our services -- we don't yet know exactly how this all will work. We do know that whatever we ultimately build will protect readers' privacy rights, upholding the standards set long ago by booksellers and by the libraries whose collections are being opened to the public through this settlement.
I think most people have overlooked the arguments in the an analysis of IP addresses and URL I have made avaliable from the home page of www.amberhawk.com.
ReplyDeleteIn summary, the data protection analysis (attached) that shows that URLs and IP addresses can become personal data, unambiguously.
It means that any individual user of the Internet can, at any time, seek the protection of a data protection regime by providing the necessary identifying details to any organisation that stores their IP address or URL.
Organisations that use such data will have to adjust their procedures to take account of the reality that any subsequent processing of URLs or IP addresses, can be, at any time the processing of personal data.
The process, in my view, puts the internet user in charge of his own privacy.
A full legal analysis is presented in the context of the UK’s Data Protection Act and includes advice for service providers, for data subjects, and discusses possible counter arguments. This analysis is valid for countries where the national data protection legislation is based on the Data Protection Directive 95/45/EC or on the OECD Guidelines; Google’s privacy policy suggests that the analysis applies to it.
Chris Pounder