Information & Ethics Committee on Nov. 25th, 2010

Thank you for that question.

To clarify what I said, when I called the Privacy Commissioner in May to advise her of this unfortunate circumstance, I asked her what she wanted done with the data then. She asked that we preserve the data because perhaps she wanted to launch an investigation or review it in some manner. In fact, her office did launch an investigation and did review the data. We held on to the data at that time.

At the same time, conversations like this were happening in other places in the world. A level of analysis was done at that time in those other places. Where it was deemed appropriate by the local data privacy authority, and where it was deemed appropriate under the various legal systems, data was deleted.

We are now x number of months down the road, and we need to do that analysis given the circumstances of today, not the circumstances of May.

No, I didn't say that.

Yes.

We received the Privacy Commissioner's interim letter of finding, which the committee has in its possession, and which she released to the press and to the committee in October. It asked that we delete the data as soon as we had assured ourselves that we are able to do so under Canadian and U.S. law.

That's correct.

I wouldn't want to speculate on that. Ultimately, our objective is to delete all the data. We didn't want it in the first place, and we don't want it now, but we don't want to delete it prematurely and cause more headaches.

I won't speculate on the outcome of any particular litigation.

I can tell you that it's something we would object to producing in a court proceeding, precisely to protect the privacy of the people whose data were mistakenly collected. There would be an irony to class action litigants demanding the production of data that they allege contains private data, but I can't speculate on what tactics any person, litigant, or regulatory authority might take.

The point is that we would certainly object to the production of any of this in court, I can tell you that.

Thank you. That's an excellent question. I'm very glad to have a chance to answer it in more detail.

What the member said about making sure that you know what you don't know and that you know who to ask is very key to the training and the process improvements we're putting in place. It's very important for us to educate all of our engineers and product managers, but we're not going to be able to make them international experts in all aspects of privacy. If we were to aim to do that, it would not be setting up to succeed.

Above all, we want to educate them to not try to figure this out for themselves. Privacy is a complex topic, and addressing it properly within Google--or anywhere, really--requires a wide variety of expertise. It requires expertise in law, obviously and most certainly. It requires technical expertise to make sure there's a clear understanding of what exactly the technology is doing, what the systems are doing, and what the potential of that technology is. It requires expertise in the psychology of user understanding: of how the people who are going to interact with products will understand the options available to them. And it requires expertise in policy and communications in all of these things.

A very important point we will be making over and over again in our training is that individual engineers should never be making these judgment calls by themselves. We want to educate them on the privacy landscape and privacy concerns.

We want to very much educate them on Google's own articulated privacy principles of transparency, control, and responsible stewardship above all, but we also want to educate them very, very strongly and reinforce that education in many ways on the improved processes we are putting in place, to make sure that those fail-safes are there, that the thoughtful review is in place, and that individual engineers don't try to “lawyer” questions by themselves.

For newly hired engineers, we expect to give them a significant session of privacy training within their first two weeks at the company, before they would be writing any code, before they would be starting on any product development. With that initial training, we expect to lay a lot of the seeds in place in putting the framework in place for them to know who they are supposed to talk to and when, to know where the resources are internally to help them understand privacy and to understand our privacy processes, and where those are quickly and easily found--all of those aspects of who they should talk to.

For engineers going forward, for the people who aren't going to be hired next week or the week after that to come in through this initial training, we will be doing follow-up training. But above all, I think, the process, which we are enhancing and optimizing now, and the training have to really be two halves of the same coin that will reinforce each other and work closely together.

The process will force engineers to engage with the training at various parts of their project's life cycle. As they are expected to engage with the process, then the training is there to tell them how to do so and to provide them help to enable them to do so. The goal is very, very much for those two aspects to strongly reinforce each other to make this as effective as possible.

Thank you for asking for that clarification. No, we are not talking about analyzing the data. Google has no interest in trolling through the data, as we've said from the beginning, so thank you for allowing me the opportunity to clarify.

I think this is just a poorly worded sentence, and you should take it at face value, which is that we're doing the analysis that the Privacy Commissioner and our own due diligence require of us, which is to ensure that we're in a legal position to be able to delete the data, as I've described to a number of members of the committee.