Privacy International complaint about GMail
EDRI member Privacy International has filed complaints about Google’s proposed new Gmail service with privacy and data protection regulators in 17 countries in Europe, Canada and Australia. The complaint identifies a large number of possible breaches of EU law. These include: stability of the contract, security of data, interception and disclosure of content, subject control over data, searching of e-mail content, indefinite retention, confidentiality, third party issues, offshore processing of data, consent issues and the treatment of sensitive data.
Privacy International is requesting from national data protection commissioners “to assess this type of service with a view to ensuring that all necessary protections and safeguards required by the EU Data Protection Directive and national laws have been implemented. While we understand that the Gmail contract may be freely entered into by customers, and that Google has provided a degree of openness about its intentions, the conditions must be in place to ensure that privacy rights are protected.”
“Google may monitor, edit or disclose your personal information, including the content of your e-mails, if required to do so in order to comply with any valid legal process or governmental request”. The term request remain undefined.
Privacy International writes: “We believe the Gmail service involves significant and far-reaching privacy implications. The precedent set by the service, its enhanced functionality and the likelihood of unexpected future changes to the system require serious consideration of data protection issues. We urge you to prospectively investigate this system with a view to establishing appropriate privacy safeguards.”
Privacy International complaint (19.04.2004) http://www.privacyinternational.org/issues/internet/gmail-complaint.pdf
Google: About Gmail http://gmail.google.com/gmail/help/about.html