Some light on the problem with Google and the Italian Privacy Authority

Posted on February 25, 2010


As you might have read here at Googles official blog:

But in this instance, a public prosecutor in Milan decided to indict four Google employees —David Drummond, Arvind Desikan, Peter Fleischer and George Reyes (who left the company in 2008). The charges brought against them were criminal defamation and a failure to comply with the Italian privacy code. To be clear, none of the four Googlers charged had anything to do with this video. They did not appear in it, film it, upload it or review it. None of them know the people involved or were even aware of the video’s existence until after it was removed.

Nevertheless, a judge in Milan today convicted 3 of the 4 defendants — David Drummond, Peter Fleischer and George Reyes — for failure to comply with the Italian privacy code. All 4 were found not guilty of criminal defamation. In essence this ruling means that employees of hosting platforms like Google Video are criminally responsible for content that users upload.

The past hour (00:30 – 01:30, feb 25 2009) Elvira Berlingieri – who wrote this article and conferred with Google’s lawyer in Italy earlier tonight – and I have gone through the case, boiling it down to the simple “What is it that Google should have done to avoid this?”. Here is my raw version of the article/post that will be published by Elvira:

The problem is: Google is still responsible for all content published by their users, regarding the privacy of other people presented in a video, according to Italian privacy law.

There is no way in the Italian privacy law to have a “waiver of responsibility” for Google via their terms of service and privacy notice as they have it implemented now when users share other people’s data or faces in their videos without the others consent.

What Google should have done is this:

1) Force the user to explicitly choose to accept the terms of service regarding privacy and consent every time BEFORE he or she can upload a video or image
This message could read something like this: “It is forbidden to upload and publish videos or images containing  privacy sensitive matter regarding other people without these other people’s consent. By uploading a video without consent you might break your countries privacy law.
Click “OK” or a Checkbox to proceed <– some explicit action

2: Google should have asked the local – in this case the Italian – privacy authority for a formal opinion on how to cope when a user commits fraud by sharing other people’s data in their content, even though the user KNEW he/she was not allowed to, in the shape of pictures of their friends, or videos where other people are filmed – without those peoples consent
If the local privacy authority would have adviced extra measures then Google should comply with what the local privacy authority (Italian in this case) would have said

As a service, Youtube / Google can not individually check each video uploaded. The moment Google becomes responsible for each and every video published on their service, the service itself becomes endangered. And this does not cover Google alone. Each service on which you can publish content that might harm another person without their consent (Flickr, Vimeo, Facebook, Hyves, etcetera) moves in the same grey area Google does.

In this new situation, where the user actually commits fraud by knowingly doing something that goes against the rules set by the service, the responsibility of harming other people is placed at the user again.

This is important and relevant to avoid services – which are mostly neutral in nature (mean no harm) – from becoming legal targets and thus making it close to impossible to run. In other words: if a online service can not waiver the responsibility of what users put online to those users, you make it very hard to create anything like Flickr or Youtube at all. Without a waiver of responsibility and the high risk to get sued and/or arrested for what your users do and create, the web might become a very dull “read mainly” place for highly groomed “safe content”.

Posted in: Uncategorized