Google’s Privacy Policy Change: Initial Thoughts, Broader Issues
There’s a lot that could be said about Google’s new privacy policy, which the company announced yesterday. Here are some initial thoughts about the policy and the broader issues raised by the integration of Google’s products:
Google’s decision to consolidate its privacy policies and drastically reduce the number of policies it uses across its products is a good step toward greater transparency. The new policy is explicit: many Google products have been functionally merged. It is our understanding, however, that Google is maintaining the Chinese wall between data it collects from logged-in users and data collected by DoubleClick — a wall that deserves to be maintained. It is also worth noting that the new policy does not change users’ current privacy settings – whether on YouTube, Google+, or Picasa.
The integration of Google’s products re-emphasizes the importance of educating users about taking full advantage of the privacy controls the company offers: how to use “Incognito Mode” in the Chrome browser to keep logged-in sessions distinct from logged-out ones, how to change privacy settings through the privacy dashboard, and how to opt out of interest-based advertising. Google needs to continue developing user control tools and make them easy to find and use, and it should get those tools out to users as soon as this new privacy policy goes into effect.
We are concerned that the integration of Google services includes the Chrome browser. Moreover, Google has not promised to cabin off the Android web browser and Android OS. Special caution should be exercised with data from Chrome and Android because these two products see a lot and users are using them as platforms to connect with other services outside Google. We have similar questions about how sensitive data collected from Gmail could be correlated in the future.
In terms of future use, the drive toward simplicity may have made the new policy too broad. It talks about what Google may do with its integrated user data, meaning it does not foreclose future uses.
Google’s announcement serves as a reminder that privacy is not just about privacy policies – it is about data collection and use. All companies should be minimizing collection and correlation of data that doesn’t truly need to be collected or correlated.
Finally, Google and other companies should ensure it remains easy for individuals to continue to take advantage of services as unidentified, logged-out users. In addition to protecting the logged-out experience, Google has also said that it is committed to maintaining the pseudonymous Internet experience.