• by Wendy Davis  @wendyndavis, June 4, 2008

Whether Google compromises searchers' privacy by holding onto their Internet protocol addresses for too long has been subject to intense debate for at least the past year. But in the past week, the company has come under fire from privacy advocates for another reason: It doesn't post a link to its privacy policy on its home page.

The issue could land Google in hot water in California, where a law requires Web companies to conspicuously post their privacy policies. The California Online Privacy Protection Act specifies that companies can comply by linking to the policy from their home pages.

On Tuesday, privacy advocates seized on the California law to publicly criticize the company. A coalition of 14 groups, including the ACLU of Northern California, the Center for Digital Democracy, the Electronic Privacy Information Center, the Electronic Frontier Foundation and the World Privacy Forum, sent a letter to Google CEO Eric Schmidt asking that the company revise its home page to include a link to its privacy policy.

"Google's reluctance to post a link to its privacy policy on its home page is alarming," the letter states. "We urge you to comply with the California Online Privacy Protection Act and the widespread practice for commercial Web sites as soon as possible."

The California law took effect in 2004, but Google's home page was not questioned until last week, when The New York Times wrote that the search company might be violating the statute.

A Google spokesman disputed that California law requires it to link to a privacy policy on the home page, stating that the law only requires conspicuous disclosure. He said the statute spells out that "online service" providers can use any "reasonably accessible means of making the privacy policy available for consumers of the online service."

At least one privacy expert, however, says Google isn't an "online service" for purposes of the statute. Chris Hoofnagle, senior fellow with the Berkeley Center for Law & Technology, said California lawmakers intended that the term apply to companies that offered downloadable programs like adware or services like chat.

Google contends that its privacy policy is accessible and easily understood. The company also argues that the California law allows companies to use any hyperlink to give notice of the privacy policy, provided the hyperlink is "so displayed that a reasonable person would notice it." Google's home page includes an "About Google" link to a page that in turn includes a link to the privacy policy.

A Google spokesman said consumers can find the information simply by typing "Google privacy" or "Google privacy policy" into the company's search engine.

But Hoofnagle said that argument was flawed. "You'd have to use the service before you'd see the privacy policy," he said.

He added that it's not clear what Google is gaining by its stance. "Strategically it doesn't make sense to leave the link off the home page," he said, adding that consumers interpret the presence of a link as a seal of approval indicating that the company has a good policy.

"It's a small, dumb violation of the law, and they could cure it by just putting up the link," he said.

Marc Rotenberg, executive director of the Electronic Privacy Information Center, said there's a larger principle at stake. "Google is subject to the same laws that every other Web site is," Rotenberg said. "They can't choose which laws to follow."