I ran across this issue earlier this year when I asked the CeBIT
Press Office to pass my contact information along to an exhibitor that needed it so I could set up a demonstration. The Press Office declined my request, explaining that European privacy laws prevented such a transfer of information, even though Im not an EU citizen. Late last year, when I visited the Lenexa, Kan., data center belonging to 1&1
, a German company, executives there explained that they couldnt perform offsite storage of European data in the U.S. or vice versa because of European privacy laws.
The privacy situation in Europe may be a pain in the neck for cloud services providers, but the EU takes it very seriously. Perhaps Europe's unique history has made its citizens especially sensitive after two devastating world wars and the cold war all within the span of one century, but they really dont want anyone, Google included, spying on them.
And ultimately, spying is exactly what Google has been doing. While the European Unions investigators have been too polite to call Googles spying what it really is, theres no question that the EU will demand (and ultimately get) Google to comply with its laws.
Of course, Google is taking flak from both sides of the Atlantic. The companys Street View cars collected WiFi data wherever they went, primarily because knowing the identity of a WiFi radio is a fairly reliable means of determining location (although it has its limits). But all that Google really needs is the SSID or the MAC address of the access point.
What Google got was a everything that was being transmitted between the AP and the mobile device using it when the Street View car went by. If the WiFi communication was encrypted, then Google didnt harvest any information, but most people dont encrypt their WiFi devices, and Google kept that data. While it was fragmentary, it was still harvested and put into Googles collection of data, where it was associated with everything else that was known about that access point.
When you have the Street View data, as well as data from Googles mail, Google Apps, Google Plus along with data from all of the other Google offerings and you associate it into a single data set, then you have more than you really need to know about someone. This is true even if you only collect the details about someones searcheseven if their searches are fairly innocent. Is the person looking for a new car? A source of baby food? Tax lawyers? All of these things add one more piece of data about the person using the service.