Public and private sector contracts should prohibit profiling and exploitation of user data
Today, in response to the European Commission’s actions against Google finding that the company has abused its dominant share of Europe’s online search market and launching a formal investigation into Google’s Android platform, SafeGov.org calls the following three conclusions to the attention of public and private sector users:
- The Commission’s action to serve Google with a Statement of Objections is an important step toward restoring European online competition. Europe will not and cannot close its vast market for online services to American innovation. But Europe has the right to insist that all participants in the market obey its basic competition laws, which do not fundamentally differ from those of the United States.
- The Commission’s case has clear implications for business and education users. The targeted advertising that is at the heart of Google’s economic model depends upon Google’s ability to observe and analyze the online behavior of its users. This model is not illegitimate, so long as consumers understand that they are being profiled and have given their unambiguous consent. But as SafeGov has argued on many occasions, it is not an appropriate model for highly regulated verticals – especially those where the privacy of individual users is of heightened importance, such as schools, law enforcement and other government agencies, and health care providers. Our research indicates that many European Data Protection Authorities support the view that these sensitive populations require additional protections.
- There should be no room for lack of clarity in public and private sector contracts. All organizations that procure cloud services should insist that their contracts explicitly forbid any exploitation of user data for profiling, ad targeting, market research or other purposes that they have not expressly authorized. Requiring cloud providers to comply with recognized international data privacy standards such as ISO 27018 is a recommended best practice.
In the months ahead, as the European Commission pursues its prosecution of Google’s conduct in the online consumer search and Android markets, SafeGov.org will continue to highlight the broader issues raised for public and private sector organizations using cloud services.
Link to our press release: SafeGov.org statement on European Commission action against Google, Inc.safegoveu