RSAC: Facebook and Google could be hit hard by EU Data Protection rules

A panel of privacy officers at RSA Conference in San Francisco have identified that there will be likely repercussions due to the upcoming European Data Protection changes.

The panelists acknowledged the challenges of launching and maintaining privacy within their environments. Keith Enright, legal director for privacy at Google called the development of Google Glass as “a tremendous learning experience” and said that launching something that allows technologies into someone’s lives was “evolutionary and wildly disruptive”.

Erin Egan, chief privacy officer at Facebook, said that it had built in privacy controls in case people were worried about it, but it was about honoring an audience setting and as Facebook evoloves it wanted “to make sure people were not surprised, but if they don’t like it they have a way to deal with it”.

Asked if Facebook had found a way to control the “malware industry of clickjacking”, Egan said that this was against its terms and if it found it then it actively enforces it, however no-one on the product side had found any interest on it and nothing was revealed on a user survey, it had not “risen to the top and contravening concerns”. She said: “We have not seen a strong push from people for that feature.”

Asked about Government legislation both in the UK and in the USA, Brendon Lynch, chief privavy officer at Microsoft, said that recent moves were a “continuation on conversation rather than a start”, and it had been on record for ten years with the Government enabling Federal privacy, and had a good dialogue to get something of a balance between privacy and innovation.

Egan called it an important model for international regimes and it brings new ideas into conversation and said she hoped that legislators look to the White House to see what they have done.

She said: “The US regime on privacy is strong, and we have a robust privacy regime and important messages we want our international counterparts to understand and the US should not be apologetic on legislation.”

Asked about the impact of EU’s planned data protection changes on global internet models, Enright said that it was committed to providing the best product and service to every Google user, and the best tools and security and there was no intention of fragmenting it for places as the law requires it.

“But we do have to take a hard look in order to satisfy demand from a certain country, so we may end up with fragmentation and if we learn from EU regulators of a better form of privacy, we will make it available to users around the world,” he said.

Egan said that Facebook complies with EU data protection law as it is based in Ireland, and she said that the risk is not EU v USA, but more that there are 28 member states and 28 different member states and potentially 28 different frameworks which will be big for Facebook, and for small application developers around the world.

The post RSAC – EU Data Protection could force changes for Facebook, Google and Microsoft appeared first on IT SECURITY GURU.