What's Going On with Google's New Privacy Policy?


Last week, Google announced what Pablo Chavez, director of public policy for the company, called "the most extensive user notification effort" in the company's history, reports Politico. These notifications advised users to upcoming changes in Google's privacy policy—specifically, the consolidation of separate policies across services into one umbrella statement.

Responses varied among tech bloggers and reporters. Some were upset: Mat Honan at Gizmodo was apparently so scandalized that he commissioned a visual realization of the true evil at the hearts of Google founders Sergey Brin and Larry Page. The tech blog VentureBeat declared Google a goner.

Critics charged that "by combining its services, Google makes anonymity more difficult" (VentureBeat), and that "every day, Google pushes harder to keep users inside its ecosystem, discouraging them from venturing elsewhere whenever possible" (Lifehacker). Members of Congress spoke out as well, as Infosecurity reports:

Rep. Ed Markey (D-Mass.) and Rep. Joe Barton (R-Texas), co-chairmen of the Congressional Bi-partisan Privacy Caucus, sent a letter on Friday to the FTC asking the agency to probe whether the lack of an opt-out provision in Google's new privacy policy, which allows the company to track activities of users across most of its services, violates the company's consent agreement reached last year over the Buzz social network.

These are all serious charges, but they also fail to acknowledge that users can avoid data collection by signing out of Google while using search, YouTube, and other products; by creating multiple log-ins; by ticking the "off the record" option for Gchat; by disabling search history; and by tinkering with other options in their preferences.

This also isn't the first time legislators have seen a problem with Internet user privacy and taken it upon themselves to flesh out the perfect set of regulations to keep user data private. In Reason's June 2004 issue, Declan McCullagh summarized a similar effort:

Congress has convened dozens of hearings on Internet privacy issues, and in April 2002 Sen. Ernest Hollings (D-S.C.) introduced his Online Personal Privacy Act. The now-defunct bill would have regulated how Internet service providers, commercial Web sites, and noncommercial sites supported by advertising or product sales collect information about customers. The legislation covered "personally identifiable information," including names, e-mail addresses, and numeric I.P. addresses.

The catch, McCullagh explained, is that Congress' April 2002 Online Personal Privacy Act and Europe's opt-in mandates from the same time period are one-size-fits-all solutions to a problem that is lent complexity by the many different types of businesses that provide services—some of which they need to advertise—across a multitude of markets. Google argues that by consolidating user data, the company is more likely to provide search results and advertisements that are relevant to the user's needs.

It's unclear yet where all this leads. Congress and the FTC may step in again, as they did with Google's Buzz fiasco from last year. Privacy observers may simply drop the whole thing after they see the upside to the new policy. Considering that implementation of the changes is still a full month away, we'll have to wait and see what happens.

More from Reason on privacy.