Google is under the spotlight again, and this time for something seemingly innocuous: the Privacy Rights Clearinghouse in the US is calling for the search engine giant to display a link to its privacy policy from the homepage. Surprisingly, when most credible websites have a link to their privacy policy from the homepage, Google doesn't. Google argues that the policy itself - which isn't the problem in this debate - is easily accessible with just a few clicks (or I suppose you could Google it...).
Whilst it might not apply in this particular case (I don't know what Google's reasons are for refusing to provide the link), the story highlights a problem for global companies: how to maintain a consistent privacy approach across multiple jurisdictions. A privacy policy that complies with US law might not be good enough for Germany or Canada. A policy complying with German requirements could leave a company handicapped when operating in territories where privacy laws are more permissive and customers either don't expect the same degree of privacy protection, or expect to achieve it through a different cultural approach. This is one of the big challenges for a privacy professional, and yet another reason why the subject is in fact very different indeed from information security.