Google Violating Internet Privacy Laws, Another Government Authority Alleges
Google has faced a number of controversies surrounding Internet privacy laws as various IT security research firms, rivals including Microsoft and Apple, and even government agencies have leveled accusations against the way it stores and uses personal information from its clients. Most recently, the Norwegian Data Protection Authority has claimed that Google Analytics violated the country's privacy laws while providing services to the Norwegian Tax Administration and the State Educational Loan Fund.
Violating consumer privacy intentionally or unintentionally could bring serious repercussions for Google as well as the vast number of small and midsize firms Google has courted to its Google Apps services among many of its products. This is why the complex and evolving privacy and security landscape is a growing concern for IT managers.
As per Norwegian law, organizations employing analytics solutions are allowed to collect user information for statistical purposes only, They may not use the information to track down users. But as the Norwegian Data Protection Authority's preliminary findings report, data or IP (Internet Protocol) addresses collected using Google Analytics can be traced back to original users. And since the two agencies do not have sufficient control over how Google Analytics treats IP addresses, these organizations might have used the information for things other than measuring web traffic. The authority now requires written documentation from the two agencies to prove this was not the case.
The Tax Administration authority also has requested that Google assist in providing the Norwegian Data Protection Authority with the documentation it requires.
Privacy and Security: Bigger Problems for Small and Midsize Business
Government agencies around the world are not only raising concerns, but at least one has already filed charges against the tech giant; a recently published Midsize Insider report documents how the U.S. Federal Trade Commission (FTC) fined Google a record $22.5 million for privacy breach of Safari users. Google agreed to pay the fine but claimed the mistake was made due to negligence, not malicious intent. And now with the privacy violation accusation involving Google Analytics in Norway, the company will face further damage to its integrity with regard to private information.
However, fines even as big as $22.5 million are more of a rounding error for a big company like Google, considering its $12 billion in pretax earnings for last year. But should a small or midsize business organization using Google Analytics or any other Google service face the same predicament, a similar punishment or a heavy fine would be much more damaging considering the low revenues and economic crunch already hampering the business of many smaller firms.
This news comes as a wake-up call for IT managers and CEOs at small and midsize firms. They must ensure that every service or technology solution used to collect consumer information complies with the privacy standards set by authorities.
It also comes as a rude reminder that small and midsize firms cannot depend solely on their vendors for the security and privacy of their client's information. Small and midsize firms must dedicate the resources to ensure internal audits and management of security and privacy even when using services from so-called respected brand names. Small and midsize businesses cannot afford to cut corners on privacy and security in the name of cost savings, as such an approach for them could prove more devastating in the long run.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.