Imagine a company that relentlessly scoops up data and turns it into useful information. It then makes the useful information available to consumers around the globe. How does it make money? It charges advertisers, then delivers targeted ads to consumers on the basis of what sort of information these consumers are trying to find. Further posit that this company was started with a philosophy that technology could change the world for the better. “You can make money without doing evil” is an explicit part of this philosophy. Now ask yourself: Is retaining months or even years' worth of data about user behavior “evil,” or is it merely a necessary aspect of providing all of that wonderfully useful information to consumers?

Of course, Google is the company in question. Earlier this year Google announced that it would hold personally identifiable user data for a period of 18-24 months. Peter Fleischer, the company’s Global Privacy Counsel, cited the nascent EU Data Retention Directive and potential US data retention laws as limiting Google’s ability to drop the retention period any further.

Now Fleischer is promoting an information privacy policy framework that was created in 2004 under the auspices of Asia-Pacific Economic Cooperation. The APEC Privacy Framework (PDF) is advisory in nature, which is in keeping with the overall approach of APEC. From the APEC website:

Unlike the WTO or other multilateral trade bodies, APEC has no treaty obligations required of its participants. Decisions made within APEC are reached by consensus and commitments are undertaken on a voluntary basis.

In broad strokes, the APEC Privacy Framework calls for consumer access to personal data from organizations that gather such data about them. However, the Framework does not advocate rigid requirements for businesses that collect personal data. The words “practical” and “practicable” turn up 14 times in the 23-page document.

It may be that Google figures the APEC Privacy Framework is in fact the most realistic approach to promulgating some sort of basic global understanding about information privacy standards. The European Union’s data retention policies are more specific than the APEC Privacy Framework, and arguably the EU is not necessarily a representative subset of the global economy. In contrast, APEC is much broader in the range of its member nations’ privacy traditions. According to its website, the following nations are APEC members:

Australia; Brunei Darussalam; Canada; Chile; People’s Republic of China; Hong Kong, China; Indonesia; Japan; Republic of Korea; Malaysia; Mexico; New Zealand; Papua New Guinea; Peru; The Republic of the Philippines; The Russian Federation; Singapore; Chinese Taipei; Thailand; United States of America; and Viet Nam.

China, Japan, Russia, and the United States stand out from this list. Perhaps ultimately Google is putting its weight behind the APEC Privacy Framework because it is nonbinding, essentially business-friendly, and stands the best chance of actually being adopted at a global level.