On 24 February 2010, three current or former senior Google employees — Chief Legal Officer David Drummond, Global Privacy Counsel Peter Fleischer and former CFO George Reyes — were convicted of violating Italian privacy law. The case concerned a 2006 posting to the online Google Video service that showed a disabled student in Turin being bullied. Prosecutors alleged that Google did not act quickly enough to remove the video, and a court in Milan found the three defendants guilty, sentencing them in absentia to six-month suspended sentences. They were acquitted of charges of criminal defamation in the case, and a fourth defendant was acquitted of all charges. Google plans to appeal.

Gartner is not a law firm and does not offer legal advice, but we believe this very unusual court ruling should not be taken as an indication of an emerging trend in Europe or elsewhere. A ruling of this type fuels the argument that privacy regulations are too strong, and so actually tends to discredit legitimate privacy concerns. Enterprises facing legitimate scrutiny of their privacy practices — social networking sites, for example — will likely welcome the distraction this case offers.

Nonetheless, the immediate reaction to the case, including charges that basic Internet freedoms are endangered, seems to be exaggerated. Platform providers have previously been held responsible for illegal content in sometimes-controversial cases in Europe — French courts fined eBay for auctions of illegal goods and Yahoo for sales of Nazi memorabilia, and Arcor, an Internet service provider in Germany, was ordered to prevent access to some pornographic websites — but the sentences in the Italian case appear to be a first. The case is also unusual in that it was brought by criminal prosecutors, not the Italian data protection authority.

It remains to be seen whether the convictions will stand, and Gartner sees no trend in other jurisdictions toward holding employees of online platform providers criminally responsible for content posted to their sites, particularly in cases where they have cooperated with law enforcement. Chief privacy officers and other privacy professionals remain highly unlikely to go to jail for doing their jobs.

• Review enterprise privacy policies and practices to ensure that they are fully compliant with requirements in all legal and regulatory jurisdictions.
• Consider the Google case an outlier, and wait to see whether the convictions are upheld by appellate courts. Take no specific action at this time in response to this case.

• "Roundup of Privacy Research, 4Q09"— Gartner's comprehensive body of privacy research can be used to make informed best-practice decisions about privacy in many different areas. By Carsten Casper
• "Breach Notification Laws Are Coming to Europe"— Breach notification requirements for European telecommunications and Internet service providers are just the beginning, with the European Union planning to extend them to all private and public organizations. By Carsten Casper

(You may need to sign in or be a Gartner client to access the documents referenced in this First Take.)