Privacy risks get real

When you think of “the usual” privacy risks you think of things like brand and reputation damage, fines, and increased regulations. You don’t think of jail time for executives. But jail time is exactly what some Google executives face if an Italian prosecutor has his way.

The arrest of Peter Fleischer, Google’s Paris-based Global Privacy Counsel, in Milan on January 23 stems from video that was briefly available on Google’s site in Italy. The video showed high school students bullying a classmate with Down Syndrome. Google took down the video in less than 24 hours after receiving complaints about it. The view of Milan’s public prosecutor is that permitting posting of the video for any period of time was a criminal offense. Fleischer and three other Google employees have been charged with defamation and failure to control personal information.

In our forthcoming report, Bob and I explore the contextual nature of privacy. Google clearly operates in multiple geographic and legal contexts. In the US, Google enjoys protections similar to those afforded “common carriers”. However, in Italy, Google is being treated as a content provider and not a content distributor, and thus is not receiving any such protection.

The contextuality of privacy requires that you evaluate your business from all relevant contexts. In this case, Google may find that it should have looked at its video services from the perspective of an Italian user as well as an Italian regulator. This examination from all relevant contexts would highlight not only conflicts between contexts (someone’s desire to publish a video versus a state’s definition of what constitutes offensive or inappropriate content) but also conflicts between contexts and the organization’s business model. Google’s business of allowing anyone to post a video is in this case colliding with an Italian regulator’s desire to treat Google as a content provider, holding Google to an unanticipated set of requirements.

There’s no way that a small privacy team will be able to know everything about every context the company does business in. To that end, a side effect of doing business in multiple contexts can be a budgetary one. Organizations may need to budget for external legal counsel, counsel that specializes privacy for the contexts they are working in to aid privacy teams in their evaluation of relevant contexts.

We don’t expect criminal penalties for privacy violations to become common, and it’s not at all clear that the action against Google’s executives will be sustained by the Italian courts. But that being said, we do expect privacy regulations to become stricter and subsequent penalties to become more severe. Privacy risks are getting real. Join us at Catalyst this summer and learn how to adapt, and thrive, in the face of this new reality.

(Cross-posted from Burton Group’s Identity Blog.)

One thought on “Privacy risks get real”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.