Google privacy convictions in Italy spark outrage
Suspended sentence for three execs over video posting is troubling, say privacy advocates
Computerworld - An Italian's judge's decision today to impose six-month suspended jail sentences on Google Inc.'s global privacy counsel, Peter Fleischer, and two other company executives over a video showing the bullying of a disabled teenager has evoked outrage in the privacy community.
Privacy advocates in the U.S and Europe called the sentence extremely troubling and said it creates a dangerous precedent. The case is believed to be the first time a privacy executive has been held accountable for his company's actions.
Italian Judge Oscar Magi in Milan imposed the sentence and fines on Fleischer, Google Chief Legal Officer David Drummond and George Reyes, a former Google board member. The three executives and a fourth Google officer had also been charged with criminal defamation, but were found innocent by the judge.
The case arose from the posting of a video on Google's Italian Web site in September 2006 that showed the bullying of an autistic boy by a group of teenagers in Turin. Under European law, Internet service providers are not responsible for third-party content but are required to remove any content considered offensive if someone complains about it.
Google received two complaints about the three-minute video, including one from the Italian Interior Ministry, and promptly took it down less than 24 hours after it was posted.
In a blog post today, Matt Sucherman, Google's vice president and deputy general counsel for Europe, the Middle East and Africa, noted that the company had worked with law enforcement authorities in Italy to help identify who had uploaded the video.
"In these rare but unpleasant cases, that's where our involvement would normally end," Sucherman wrote.
The fact that the executives were still charged with -- and convicted of -- violating Italy's privacy laws "sets a troubling precedent," said Trevor Hughes, executive director of the International Association of Privacy Professionals (IAPP). What makes it especially troublesome is the fact that the video -- like other Google videos -- was posted almost certainly without the direct knowledge or consent of Fleischer or any of the other executives, he said.
"None of the individuals had any idea what was happening. None of them had acted either affirmatively or passively," to upload the video, he said. To hold them directly responsible "raises troubling questions about the liability of privacy professionals, and, really, any employee... about who is liable when user-generated content is produced online."
Richard Thomas, former United Kingdom information commissioner, called the decision "ridiculous" and said it "brings privacy laws into disrepute."
"I cannot conceive that a similar case would result in a similar sentence in the U.K.," said Williams, who is currently an adviser to law firm Hunton & Williams LLP's Centre for Information Policy Leadership in London. "It seems to me very strange to convict individual directors who have nothing to do with the posting of the video."
He said it's interesting that the prosecution came not from Italy's data privacy and data protection authority, but from criminal prosecutors.
"The body which is the specialist in privacy laws was not the prosecuting body," he said. "This conviction was secured in the name of privacy laws, but it was not brought by the privacy authority." He added that he hopes this will be a "one-off case."
Rocco Panetta, a partner at Italian law firm Studio Panetta & Associati in Rome, said that it's important to understand the motivation behind the sentence before criticizing it. Though it's uncommon to have this kind of a punishment over a privacy violation, Italian data protection laws allow for it, Panetta said. The judge imposed essentially the minimum sentence available under the law for the kind of privacy violation Google executives were charged with.
The judge might have hoped to spark a "new discussion around the problem of free uploading of video without any controls or filters," Panetta said. "The problem here is we have an issue that is wider than the Google case."
The underlying issue is what kind of rules are needed to ensure that the right to free speech online doesn't infringe on privacy rights, he said. "That debate will be more important than the punishment in this case," he said.
Panetta added that he is certain that none of the executives who have been sentenced today will serve jail time.
Google's Sucherman, meanwhile, noted in his blog that the company will appeal this "astonishing" verdict. "In essence, this ruling means that employees of hosting platforms like Google Video are criminally responsible for content that users upload," he said. "It attacks the very principles of freedom on which the Internet is built," he noted.
According to Google's blog, the search company also assisted local police in identifying the person who uploaded the video to YouTube. The girl received a 10-month community service sentence by a court in Turin. Given the same sentence, were "several other classmates" who were also involved in the production of this "totally reprehensible" video, Google said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
Read more about Privacy in Computerworld's Privacy Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Privacy White Papers | Webcasts