> When it comes to privacy and PII, Google holds itself to an extremely high standard.
With all due respect, but you've gotta joking.
Google doesn't even hold itself to the standards set by the laws in countries it operates in. Laws that are for now still full of loopholes Google happily exploits with zero restraint, despite knowing full well (not in the last place because they've been warned on a regular basis) that this at the very least violates the intent of those privacy laws.
Also, Google has been actively lobbying against privacy protection laws in the EU for several years now.
Considering that, for years, Facebook had a universal password that would log you into anyone's account, I'd say that Google's standards are significantly higher than other players in the social sphere.
Well, the claim was that Google's standard is higher than that of (some) other actors, so the behavior of the other actors is kind of directly relevant...
From my experience interning twice at Google, I was very impressed by their standard for privacy and the protections they had put in place. They have teams dedicated to just researching ways to improve information security.
Two projects I found fascinating:
1) A system that analyses all attempts and actual accesses to user data by employees (this access it self was very regulated on a need-only basis), determining whether the given user that was accessed falls somewhere within the employee's likely social graph, and flagging anything suspicious to their security team. So if an employee tried to view their ex's info, or their friend's roommates info, etc. the system would auto-flag them and an investigation would likely result in that employee being immediately terminated.
2) Much of Google's data is accessible by many production services. This is a security weakness, however, there was a project to make the data layer enforce security constraints so that applications could only access data relavent to them, and additionally also enforcing security on a user-level (so an app could only access that user's data if it had an access token for that user). Mind you, this is not even limiting admin access, this is actually preventing the code from accessing the data even if the app's built-in security features fail.
| Also, Google has been actively lobbying
| against privacy protection laws in the EU
| for several years now.
Don't some of those same laws have data retention requirements[1] or are those separate laws?
[1] Could be a requirement or a limitation. If your company keeps data indefinitely, then maybe a law saying, "everyone keeps records 2 years, then destroys them" is a limitation. On the other hand, if you retain no information, then it's an extra burden, and an erosion of privacy.
Not all laws in all countries are worth holding oneself to. For example, Russia has official internet censorship, does it mean Google should now support censorship too because some country has laws about that?
By what legal standard should Google be held, then? Are you really advocating the multinational/Internet companies pick and choose what laws they follow according to their own needs and whims?
I'm not advocating anything like that. I'm saying before criticizing Google for trying to avoid or change the laws, it may be useful to consider if these laws are actually good idea. If they are not, all props to Google for trying to circumvent or repeal them.
I do not see why one needs "legal standard" to evaluate somebody's actions. Why not use the standard that is supposed to be the base for the legal standard instead? If in some country it is illegal to publish links that the government thinks are inappropriate, and Google doesn't like it - why would we consider Google being in the wrong?
It is a matter of law - means the government wants to enforce it. But why I have to agree with it? I do not have any obligation to respect anything the government of Russia or Iran does.
In an online chat discussion? Google should be held to the standards of decency described by the poster himself.
Stating, "Google is not good at privacy because they violate some law and I like that law." Is a perfectly valid argument.
Stating, "Google is bad because it doesn't follow a privacy law I won't describe, in a random country I won't name." Does not advance the conversation in any meaniful way.
Whats wrong with lobbying against the laws which you think are bad? In a democratic process, you can (and do) end up with laws which are crappy/outdated/unjust. Lobbying is a legitimate way to tackle this problem.
You just made my general point in a specific use case. Anyone (individuals, groups of individuals, corporate entities...) should have freedom to voice against laws they don't like.
With all due respect, but you've gotta joking.
Google doesn't even hold itself to the standards set by the laws in countries it operates in. Laws that are for now still full of loopholes Google happily exploits with zero restraint, despite knowing full well (not in the last place because they've been warned on a regular basis) that this at the very least violates the intent of those privacy laws.
Also, Google has been actively lobbying against privacy protection laws in the EU for several years now.