Google Outlines How it Handles User Data Requests, Pushes for Reforms
In honor of Data Privacy Day, Google this morning offered some more insight into how it handles government requests for your data, and pushed Congress to update an outdated law that covers how the feds can access your information.
Google said it scrutinizes every request carefully to make sure it’s in line with its policies. “For us to consider complying, it generally must be made in writing, signed by an authorized official of the requesting agency and issued under an appropriate law,” the search giant said in a blog post.
The info comes several days after Google released an update to its Transparency Report, which included a breakdown, for the first time, of how U.S. government officials requested data from Google about its users: subpoena, search warrants, or court orders.
Overall, user data requests have jumped more than 70 percent since 2009, Google said last week. In total, Google received 21,389 requests for information about 33,634 users in the last six months of 2012, most of which – 68 percent – were subpoenas.
“We evaluate the scope of the request,” Google said today. “If it’s overly broad, we may refuse to provide the information or seek to narrow the request. We do this frequently.”
When appropriate, Google said it will notify the user who is the subject of the data request “so that they can contact the entity requesting it or consult a lawyer.” In cases where the user is not contacted, Google is usually legally prohibited from doing so, or they don’t have verified contact details.
In cases where government agencies are conducting criminal investigations, Google requires a search warrant before the feds can get their hands on a user’s search history or private content like stored Gmail emails, YouTube videos, or documents on Google Drive.
“We believe a warrant is required by the Fourth Amendment to the U.S. Constitution, which prohibits unreasonable search and seizure and overrides conflicting provisions in ECPA [Electronic Communications Privacy Act],” Google said today.
All this information is outlined in a new section on Google’s Transparency Report page.
“We’re proud of our approach, and we believe it’s the right way to make sure governments can pursue legitimate investigations while we do our best to protect your privacy and security,” Google said.
Overhauling the Outdated ECPA
Speaking of the ECPA, meanwhile, several groups – including Google – are using Data Privacy Day to call for reforms to the bill. The ECPA was first enacted in 1986, well before the Internet, email, or smartphones. As a result, lawmakers have been pushing an update to make it more in line with today’s realities.
In 2011, for example, Sen. Patrick Leahy unveiled an overhaul to the ECPA that would require the government to obtain warrants before accesssing email and other cloud-based data. The Senate Judiciary Committee approved an update to the bill back in November, but it was not approved by the full Congress by the end of the session. As a result, it will have to be re-considered by both chambers this year.
“For several years we have advocated for updating laws like the U.S. Electronic Communications Privacy Act, so the same protections that apply to your personal documents that you keep in your home also apply to your email and online documents,” Google said. “We’ll continue this effort strongly in 2013 through our membership in the Digital Due Process coalition and other initiatives.”
“The single most important privacy issue for this Congress is to address glaring deficiencies in the ECPA. Data stored in the cloud should receive the same protections as data stored at home on a PC,” Daniel Castro, a senior analyst with the Information technology and Innovation Foundation (ITIF), said in a statement today.
“Congress must take that last step and turn the bill into law. It is the right thing to do for business, it is the right thing to do for innovation, and it is the right thing to do for civil liberties,” CCIA president and CEO Ed Black chimed in. “Senator Leahy must be congratulated and thanked for his work so far, and encouraged to finish the work. There can’t be a better week than this one marking Data Privacy Day to take those final steps.”
By Chloe Albanesius, PCMag