In January, Google announced that it was overhauling its more than 60 privacy policies and replacing them with one. As Alma Whitten, Google’s Director of Privacy in Product and Engineering, wrote in the announcement, the idea is to create a “beautifully simple, intuitive user experience across Google.”
The search giant said the main change for users would be that it could combine information from one service with its other services, thus providing a more fluid user experience. For example, if you conduct several searches on Google on a particular item, Google could assume that you want a video on that item if you then visit YouTube.
What do you think of Google’s new privacy policy? Does it affect you at all? We’d love to hear your thoughts.
According to Danny Sullivan, the Executive Editor of Search Engine Land, the new policy will provide users with more personalized results. He told us that it really wasn’t surprising that Google made the change since most other tech and Internet companies have one privacy policy for all their products and services.
“Google, which kind of has come from privacy policies on a per product basis, is kind of playing catch up, so that they have the ability to be more flexible both in what they may do with the information and how they may use the information to improve products and services,” he said.
This flexibility is what has some people worried, however. Under the new policy, Google could potentially take the information it gathers when users search to target them with ads. Although Google says it will not do this, the new policy gives it the right if it so chooses.
“Potentially, it gives Google a lot of new rights,” said Sullivan.
Privacy groups have voiced numerous concerns over what the new policy could mean. Specifically, the Electronic Privacy and Information Center (EPIC) has even sued the FTC, saying that Google’s new policy violates the settlement the company and the agency reached last year over Google Buzz. The group is asking the FTC to take action that will prevent Google from combining user data “without user content” before the company puts its new policy into effect next month.
Due to the timing of the matter, a federal district judge ordered the FTC to have its response to EPIC ready today. In return, EPIC is supposed to have its counter response ready by February 21.
EPIC also filed another complaint this week over the privacy assessments the FTC required Google to take. Google said it was complying with the audits but has, up to this point, kept them closed.
“I thought that if you’re going to be audited on privacy, then perhaps you ought to release the privacy audits so that… the public could see it,” said Sullivan.
EPIC claims that the FTC Consent Order required Google to answer detailed questions about privacy and user information but that the search giant did not answer them.
Interestingly, Forbes featured a report this week stating that the court should dismiss the lawsuit between EPIC and the FTC. According to the report, the privacy group is overstepping its third party right under administrative law.
Glenn G. Lammi wrote:
Washington Legal Foundation would be the last one to argue that federal agency actions should be immune from judicial review as a general principle. But once a settlement agreement has been reached between an agency and a private entity, the agency should not be compelled to embrace an outside party’s view that the agreement has been breached. EPIC is welcome to communicate its general views to FTC (which they do so quite often) on the Google Buzz settlement, just as Google might avail FTC of its thoughts on whether a competitor like Facebook or Twitter violated its respective privacy agreement with the Commission. But empowering activists or competitors to imprint their views of consent agreement breach on the Commission would be a dangerous and easily abused tool. If Congress wanted such third parties to inject themselves into FTC’s process on such agreements more formally and authoritatively, it would have said so.
Sullivan told us that, although he has yet to look closely at EPIC’s case, he doubted the FTC would find Google in any violation.
Unfortunately for Google though, that’s not where its problems stop. The European Union has also asked it to delay the roll out of the new privacy policy. In a letter to Google’s CEO Larry Page, Jacob Kohnstamm, a European privacy regulator, wrote:
We wish to check the possible consequences for the protection of the personal data of these citizens in a coordinated procedure. We have therefore asked the French data protection authority, the CNIL, to take the lead. The CNIL has kindly accepted this task and will be your point of contact for the data protection authorities in the EU.
In light of the above, we call for a pause in the interests of ensuring that there can be no misunderstanding about Google’s commitments to information rights of their users and EU citizens, until we have completed our analysis.
In a post on its European Public Policy Blog, Google responded to the letter saying it had met with several officials prior to its announcement and briefed them of the changes. It said that no one had any objections at that time and indicated that it would proceed with its plans to implement its new policy in March.
Most recently, nonprofit Consumer Watchdog wrote a letter to the U.S. House of Representatives’ Commerce, Manufacturing and Trade Subcommittee requesting that Larry Page explain Google’s “disingenuous statements about its supposed commitment to users’ privacy.”
In this letter, Privacy Project Director John Simpson wrote:
“If Google were truly committed to “user control,” it would ask users to “opt in” to these substantive changes in its data handling, rather than imposing them across the board… Google’s practices affect millions of Americans. Google is so dominant on the Internet that for many people Google is the Internet.
You must not allow Google to escape legitimate privacy concerns by sending underlings whose high-sounding pledges prove to be empty or whose answers prove insufficient in closed-door meetings. It is the chief executive who is ultimately responsible for the company’s behavior.”
What’s more, a Washington Post poll found that 65 percent of users said they would cancel their Google accounts over the privacy changes.
Sullivan, however, told us that he believes this poll is “99 percent inaccurate.” As he explained, users reacted in this same way when Facebook made changes in 2010. In the end, Facebook grew instead.
“If they’re that concerned about it, then their alternative is to go to another company that is doing exactly the same thing,” he said. “It really doesn’t come down to what these privacy policies say, it comes down to the kind of controls that you’re provided and given, and ultimately, I think, your trust in the company overall.”
Ironically, as Matt McGee pointed out, Google quietly launched a new program that allows users to get paid if they use the Chrome browser and share their data with the search engine. It’s called Screenwise and pays users in Amazon gift cards. Although many other companies conduct similar practices in order to learn how they can improve their services, Sullivan told us that the timing of this program was very bad for Google.
In spite of the backlash, it appears that Google will roll out its new privacy policy March 1. The company currently has an ad campaign to help to alleviate concerns, but Sullivan believes that Google will need to begin doing extensive PR outreach in D.C. as well.
Does Google’s privacy policy go too far, or is it what you would expect from a company of its size? Let us know what you think in the comments.