Google announced a new Chief Privacy Officer as Keith Enright, yesterday, who has served a decade at leading Google’s Privacy Legal team. Enright has always been heavily involved in speaking out regarding Google’s Privacy and Security regulations.
As a Chief Privacy Officer, Enright will be responsible for setting the privacy program at Google. This includes updating the security tools, policies, and practices as user-focused. “My team’s goal is to help you enjoy the benefits of technology while remaining in control of your privacy” mentions Enright in the Google outreach page.
Google has already been taking measures when it comes to security as it launched a “Protect your Election program”, last month, which included security policies to defend against the state-sponsored phishing attacks.
“This is an important time to take on this new role. There is real momentum to develop baseline rules of the road for data protection. Google welcomes this and supports comprehensive, baseline privacy regulation. People deserve to feel comfortable that all entities that use personal information will be held accountable for protecting it” as per the Google blog.
Lately, there’s been a lot of companies raising voice against security-related issues. For instance, YouTube’s CBO and German OpenStreetMap, spoke out against the Article 13 of EU’s controversial copyright law.
In light of organizations citing EU’s privacy laws as strict, Enright proposed a new Privacy framework which includes Google’s view on the requirements, scope, and enforcement expectations in data protection laws. This framework has been established using privacy frameworks, and the services that depend on personal data. Also, it will be complying with the evolving data protection laws around the world.
“These principles help us evaluate new legislative proposals and advocate for responsible, interoperable and adaptable data protection regulations. How these principles are put into practice will shape the nature and direction of innovation”, says Enright.
Principles in the new framework are based on established privacy regimes. These are applicable to organizations which are responsible for making decisions about the collection and use of personal information. Enright will be discussing the principles in the framework and Google’s work on privacy and security with the U.S. Senate later this week.
The new framework states the requirements, scope, and accountability in data protection laws as follows:
- Collecting and using personal information responsibly.
- Maintaining Transparency is mandatory for helping individuals be informed.
- Placing reasonable limitations on the means of collecting, using, and disclosing personal information.
- Maintaining the quality of personal information.
- Make it practical for individuals so that they can control the use of personal information.
- Giving individuals an ability to access, correct, delete and download personal information if it’s about them.
- Requirements needed to secure personal information should be included.
Scope and Accountability
- Holding organizations accountable for compliance.
- More focus on the risk of harm to individuals and communities.
- Direct consumer services should be distinguished from enterprise services.
- Personal information should be defined flexibly to ensure the proper incentives and handling.
- Rules should be applied to all organizations that process personal information.
- Regulations should be designed for improving the ecosystem and accommodating the changes in technology and norms.
- A geographic scope that accords with international norms should be applied.
- Encouraging global interoperability.
“Sound practices combined with strong and balanced regulations can help provide individuals with confidence that they’re in control of their personal information,” says Enright.
For more information, check out the official framework.