Google Names New Privacy Chief, Offers Framework for Regulation

(Bloomberg) -- Alphabet Inc.’s Google tapped its longtime privacy lawyer, Keith Enright, to become chief privacy officer as the company proposed policies for potential federal regulation of data.

In his new role, Enright will be in charge of crafting Google’s strategy on privacy issues at a time when tech giants are facing rising pressure in Washington to take more precautions in how they handle users’ personal information.

"My team’s goal is to help you enjoy the benefits of technology, while remaining in control of your privacy," Enright said in a blog post Monday.

Enright is already set to testify Wednesday before the Senate Committee on Commerce, Science and Transportation. The panel’s chairman, Senator John Thune, a South Dakota Republican, has said he wants to propose legislation on privacy. Executives from other tech companies such as AT&T Inc., Amazon.com Inc., and Twitter Inc. are also scheduled to appear.

Like its tech peers, Google is generally resistant to regulation. But in a framework for data protection legislation Google published Monday, the company embraced at least a minimum level of oversight or new rulemaking from Washington.

"Now, more than any other time I have worked in this field, there is real momentum to develop baseline rules of the road for data protection," Enright wrote. "Google welcomes this and supports comprehensive, baseline privacy regulation."

Google argues that consumers should have the right to have their personal data "corrected, deleted, and made available for export in a machine-readable format" when it’s "practical." The framework also supports ways for companies to be transparent with consumers about how and why they collect, use and disclose information, as well "reasonable limitations" on those practices.

Several of the Google’s proposals have become common among industry bids to influence any coming regulation from Washington, and would be less onerous than what many vocal privacy advocates would like to seek.

Google also proposes to charge companies that share data with outside "processors" with the responsibility of meeting "certain obligations under the law, including transparency, control, and access," while putting the processors in charge of security.

Sharing data with third parties is widespread, for example in the case of shipping, but Google has endured increasing criticism from lawmakers in recent months for the breadth of the information that processors can access on its customers, including app developers’ ability to scan emails.

Other internet platforms, such as Facebook Inc. and Twitter, which have also come under pressure over data privacy in recent months, have said they would embrace the right regulation, without specifying much about what that would look like.

The Internet Association, an industry trade group that counts Google as a member, released its own principles earlier in September, and the powerful U.S. Chamber of Commerce has also abandoned its usual distaste for regulation in proposing its own principles.

Industry groups have routinely cited Europe’s tough new privacy regulations and a strict law that’s poised to go into effect in California as spurring the need to consider federal legislation. They would like Washington to pre-empt state efforts to put in place their own broad new rules, which could vary widely and create compliance headaches.

Business groups are weighing in on privacy as tech companies face greater scrutiny in Washington over their data practices following revelations earlier this year that Cambridge Analytica, a political consulting firm, obtained information on millions of Facebook users without their permission, through the maker of a personality app.

©2018 Bloomberg L.P.