June 2013 Bar Bulletin
Skip Navigation Links
CLE / Education
For Lawyers
Legal Help
Special Programs
MyKCBA Login

June 2013 Bar Bulletin

Going Global, Going Local: Doing Business outside the U.S. Has Impact at Home

By Chris Pothering


When Google changed its terms and conditions in March 2012, the message Google sent its users was that the new privacy policy would give users a "simpler" experience and allow them to use their settings across all of Google's 60-plus services, including when they signed up for a new Google-owned service.

What Google didn't tell its users was that the new policy would share the user's information across all Google services, which then allowed Google to compile users' data to create detailed and secret profiles of Google users. Google would then make information about its users available to advertisers on any other Google service for the purpose of targeting ads to particular users.

Here in the United States, the new policy raised eyebrows and objections from state attorneys general (led at that time by then-Washington Attorney General Rob McKenna), members of Congress and groups across the private sectors. The Federal Trade Commission (FTC) also was interested in the new privacy policy as the FTC had recently fined Google $22.5 million for violating the terms of a settlement agreement with the FTC pertaining to user privacy and security of personal information.

But in the European Union (EU), regulators not only took note of the new policy, but the EU's 29 data privacy regulators also launched an investigation and criticized Google's new policy because it results in the unrestricted and unregulated use of personal data of users without the users' clear consent. The initial inquiry was led by the French data protection commissioner (CNIL), who provided several recommendations to Google to make changes to the new policy. The CNIL heavily criticized Google and said Google "provides insufficient information to its users on its personal data processing operations," fails to inform users on how long the individual's personal information will be stored, and provided for "uncontrolled" combination of data across Google's services.

At that time in 2012, the CNIL only gave recommendations and did not make any demands on Google. However, this April, data protection agencies in six EU countries announced that they were filing enforcement actions against Google after Google ignored the CNIL's recommendations. These enforcement actions are continuing to have an impact in the U.S.

The EU has a much higher standard for protecting consumer data privacy than we have here. These stricter EU policies influence U.S. data privacy regulation and practice through the EU's regulation of companies that are transferring data from the EU to the U.S. The EU prohibits entities that collect information on individuals from transferring such data to the U.S. unless the transfer is covered by the U.S.-EU Safe Harbor.

The Safe Harbor sets out seven principles to which U.S. entities must adhere to allow for transfer of an individual's information from the EU to the U.S. These principles cover:

(1) providing individuals with adequate notice regarding the purposes for which the organization collects and uses the information ("Notice");

...login to read the rest of this article.

Return to Bar Bulletin Home Page

KCBA Twitter Logo KCBA Facebook Logo KCBA LinkedIn Logo KCBA Email Logo

King County Bar Association
1200 5th Ave, Suite 700
Seattle, WA 98101
Main (206) 267-7100
Fax (206) 267-7099

King County Bar Foundation Home Page

Charitable Arm of the Bar

Jewels Page

Pillars of the Bar Page

All rights reserved. All the content of this web site is copyrighted and may be reproduced in any form including digital and print
for any non-commercial purpose so long as this notice remains visible and attached hereto. View full Disclaimer.