Google executives are realizing that penalties for privacy breaches, like those it acknowledged involving its Street View project, do matter, if only because of the reputational risks, David Streitfield and Claire Cain Miller report in Thursday’s New York Times.
In the culmination of a two-year investigation into whether its Street View mapping project violated privacy protections, law-enforcement officials told Google this week to shape up. Again.
Google has repeatedly redefined how people communicate and acquire knowledge in the 21st century, and it has repeatedly been accused of breaking the rules in the process. The company says it has taken its mistakes in the case to heart and has already changed. Never again, it says, will a midlevel engineer be able to do anything like what one did in Street View: start a program to scoop up data from potentially millions of unencrypted Wi-Fi networks around the world, without his bosses knowing.
To make sure of this, a coalition of 38 states has drawn up numerous specific steps for Google to take, ranging from educating its engineers to educating its lawyers. Whatever Google was doing before to improve its privacy controls was not enough, the states say.
Google’s internal compliance will not be directly monitored. But if states feel Google is not upholding its side of the deal, they can bring the matter up to the executive committee that brokered the deal, including the attorneys general of Illinois, Massachusetts and Texas.
Some privacy experts think the program has a fair chance of success. “This gives me some glimmer of hope that going forward, the culture of Google will include more privacy by design,” said Joseph L. Hall, senior staff technologist at the Center for Democracy and Technology. “Then they could do things in an innovative way on the front end that won’t result in needing to beg for forgiveness later.”
Still, it is difficult to make changes in an extremely successful technology firm.