Public Policy

Proposing a framework for data protection legislation

For nearly two decades, people around the world have used Google to find answers, communicate, build businesses, and more. Our users have long entrusted us to be responsible with their data and we take that trust and responsibility very seriously.

Our investment in privacy and security is evident in every product we build, including the powerful tools we provide to help our users make decisions about their data like the Privacy Checkup. Google products and features cannot launch until they are approved by the specialists in our Privacy and Data Protection Office, which solicits input from across Google, as well as periodically from users and experts worldwide. And our broad commitment to transparency is evident in our newly-refreshed Privacy Policy, which includes informative videos that explain our practices and settings, as well as tools like My Activity that provide detailed information about the data in a user’s Google Account and options for how to control it. Since 2010, our Transparency Report has provided information on how the policies and actions of governments and corporations affect privacy, security, and access to information.

I’m proud of the work we do at Google. That’s why, after almost a decade leading Google's privacy legal team, I've recently agreed to take on the role of Chief Privacy Officer. In this role, I set the priorities for the privacy program at Google, including continually challenging ourselves to make sure our privacy and security tools, policies, and practices are as user-focused as every other aspect of our business. My team’s goal is to help you enjoy the benefits of technology, while remaining in control of your privacy.

This is an important time to take on this new role. Now, more than any other time I have worked in this field, there is real momentum to develop baseline rules of the road for data protection. Google welcomes this and supports comprehensive, baseline privacy regulation. People deserve to feel comfortable that all entities that use personal information will be held accountable for protecting it. And we believe that regulation can support a dynamic marketplace for businesses of all types and sizes.

Today, we’re sharing our view on the requirements, scope, and enforcement expectations that should be reflected in all responsible data protection laws. This framework is based on established privacy frameworks, as well as our experience providing services that rely on personal data and our work to comply with evolving data protection laws around the world. These principles help us evaluate new legislative proposals and advocate for responsible, interoperable and adaptable data protection regulations. How these principles are put into practice will shape the nature and direction of innovation. You can find more detail in this PDF.

Sound practices combined with strong and balanced regulations can help provide individuals with confidence that they’re in control of their personal information. I look forward to discussing these principles and Google’s work on privacy and security with the U.S. Senate later this week, and to working with policymakers and all stakeholders on regulation that protects consumers and enables innovation.