Well that didn’t take long.
Less than a week after I predicted that “2012 could be a very good year for privacy,” Google announced a new privacy policy, one which would apply across almost all of its services. Far from being seen as a good thing, though, the initial reaction was a large outpouring of grief by the privacy community. Even the general media portrayed the move in a dark light.
The Washington Post, for example, was quick to point out that “A user signing up for Gmail, for instance, might never have imagined that the content of his or her messages could affect the experience on seemingly unrelated Web sites such as YouTube.”
Some of the headlines for the stories about the change:
- Google Privacy Change Provokes Outrage (Information Week)
- Use Google? Time to Get Real About Protecting Your Digital Self (The Atlantic)
- How to close your Google Account (The Washington Post)
- Google's New Privacy Policy Raising Questions in Washington (AdWeek)
- Google changes privacy policy to make the company one big product (VentureBeat)
- Google Changes Again, Launches One Privacy Policy to Rule Them All (Mashable)
- Google's new privacy policy: Is this war? (KPCC radio)
- Big Brother? Google's new privacy policy creates one massive database (Tecca)
And there’s many more just like them.
Common Sense Media claims to be “…dedicated to improving the lives of kids and families by providing the trustworthy information, education, and independent voice they need to thrive in a world of media and technology.” Their chief executive, James Steyer, was quoted in the Washington Post article as saying: “Google’s new privacy announcement is frustrating and a little frightening. Even if the company believes that tracking users across all platforms improves their services, consumers should still have the option to opt out — especially the kids and teens who are avid users of YouTube, Gmail and Google Search.”
Of course, everyone does have the option to “opt out,” by not using the service. Well, there is another way, which I’ll tell you about later.
Not all of the media was negative, though. Forbes magazine noted in its headline: “Internet Freak-out Over Google's New Privacy Policy Proves Again That No One Actually Reads Privacy Policies”.
Google isn’t going to be collecting any more, or any different, information with this policy change. As explained in a Google blog entry (by Alma Whitten, Google’s Director of Privacy, Product and Engineering): “…we still have more than 70 (yes, you read right … 70) privacy documents covering all of our different products. This approach is somewhat complicated.” So the company is taking 60 or so of them (the others have legal reasons to be kept separate) and rolling them into one which “…covers the majority of our products and explains what information we collect, and how we use it, in a much more readable way.”
As a consequence of this, the new policy “…makes clear that, if you’re signed in, we [i.e., Google] may combine information you've provided from one service with information from other services. In short, we’ll treat you as a single user across all our products.”
Again, nothing new will be collected; it will simply be amalgamated into one record rather than 2, 5, 15 or more under the current policy. Will this help users, or hurt them?
The jury is still out on that, of course, but I personally believe it will help many more people than it might possibly hurt. The telling point is who gets to see that accumulated data.
As the above cited blog post notes, “We remain committed to data liberation, so if you want to take your information elsewhere you can. We don’t sell your personal information, nor do we share it externally without your permission except in very limited circumstances like a valid court order. We try hard to be transparent about the information we collect, and to give you meaningful choices about how it is used.”
Ah, so how will it be used?
Generally, Google’s critics and the company itself agree that the data will be used to personalize your experience across the multiple Google platforms (search, Gmail, Google+, YouTube, Android, etc. – each of those “70 plus” privacy policies referenced earlier refers to a different service/platform). Some see that as, well, in Gizmodo’s words: “The End of ‘Don’t Be Evil’."
Google, though, thinks this will – for the great majority of its users – improve their on-line experience and improve it dramatically.
Not only will the search engine know more about what you’re searching for (if you enter “Jaguar” as a search term, do you mean automobiles or wild animals?), but it can tailor the advertising you see (and you will see advertising) to your tastes and desires. So if I enter “Mannequin Pis” as a search term (or to find pictures) I might see that priority is given to the famous Brussels statue or it might be to the restaurant in Olney, Maryland (about 10 miles from my office). The deciding point might be where my Android phone indicates I’m located at the time I search.
Some people find that “creepy.” I’m not one of them.
For twenty years I’ve been waiting for a personalization service like this. It was one of the reasons I became so interested in directory services and, later, identity services. It’s the promise of being my personal assistant, in theory, that’s finally being delivered.
One example that Google’s Whitten points out: “We can provide reminders that you’re going to be late for a meeting based on your location, your calendar and an understanding of what the traffic is like that day.” She could have added that emails could be automatically sent to other others scheduled for that meeting letting them know you would be late – and actually reschedule the meeting knowing what their calendars look like and approximately how long it will take you to get to the office. I find that to be an excellent use of technology. If it also means I’ll see more ads for cruises, antiques and restaurants (things I’m interested in) and fewer for shoes, fast food and skiing (which I’m not interested in) then I consider that a plus.
Now, if Google was going to package this information and distribute it to its advertisers or sell it to other third parties to do so, then I’d be in the forefront of those protesting – and I’d quite possibly be looking to replace those Google services I do use. But they aren’t. Google’s policy regarding this data stays the same, “We don’t sell your personal information, nor do we share it externally without your permission. [emphasis added]” No one has ever shown that Google violates this pledge.
Forbes’ Kashmir Hill sums it up best, I think: “When Google starts bundling everything it knows about its users and selling that to insurance companies, background check companies, and the Department of Homeland Security, that’s when I’ll trot out the ‘evil label.’ But using information from Gmail to suggest more appropriate YouTube videos or reminding an Android smartphone user that they have a Google calendar appointment in a half hour on the other side of town doesn’t strike me as the work of Lucifer.”
I did promise you a way to stop Google from amalgamating all of your data, didn’t I? It’s quite simple, just create separate accounts for the services you want to keep separate – Gmail, YouTube, Picassa, what have you. Google can’t force you to put every service under one account, so you can do this to maintain relative privacy – just remember which accounts cover which services!
In other privacy news, the EU has proposed updated regulations covering data breaches and the mis-handling of personal information. Companies could face penalties as high as 2% of their yearly global sales (not just EU sales) but, on the plus side, companies would now only have to deal with the privacy agency of the country they’re headquartered in rather than face all 27 EU data-protection agencies. So, stricter rules, bigger “teeth” in the law but easier compliance - it’s too soon to tell if this is a plus or a minus – and for whom.
Finally, a new debate is starting in the US about privacy and healthcare. Some have proposed what’s called a universal patient identifier, or UPI – a single unique health-care identification number for every inhabitant. This would be very useful for doctors, emergency workers, hospitals, pharmacists – and patients. Proponents say UPIs not only facilitate information sharing among doctors and guard against needless medical errors, but may also offer a safety advantage in that health records would never again need to be stored alongside financial data like Social Security numbers. Privacy activists say the data would be collected and sold to third parties causing a rise in distrust of the medical profession and a deterioration in care. Expect this debate to go one for quite some time.
Here at KuppingerCole we’ll be following these issues – as well as all identity privacy issues – as they play out round the world.