Why Google's Approach to Privacy is Wrong

White Echo

Privacy Watchdogs in the UK, Germany and Italy have threatened to take legal action against Google due to the internet giant's privacy policy statement altered last year to unify data collection across its numerous online services.

The Information Commissioner's Office (ICO), Britain's information rights authority, claims that the unified privacy policy is not clear for users of individual services. In its latest statement the ICO's spokesman said:

Google must now amend their privacy policy to make it more informative for individual service users. Failure to take the necessary action to improve the policy's compliance with the Data Protection Act by 20 September will leave the company open to the possibility of formal enforcement action.

Google's failure to comply might lead to a contempt of court order. The ICO also has powers to impose financial fines (up to £500,000), but to do that it would need to prove that people were harmed as a direct result of Google's privacy policy violation.

So What is Wrong with Google's Privacy Policy?

The controversial unified privacy policy was introduced by Google on March 1, 2012, when the company granted itself rights to mine its huge reservoirs of data across all of its services. According to Google this was done to improve the experience of its users by creating an accessible and easy to read privacy policy statement encompassing all its services in a single document.

However, it is not entirely clear how the data sharing works in practice and in what circumstance it applies. The privacy policy in question reads:

We may combine personal information from one service with information, including personal information, from other Google services – for example to make it easier to share things with people you know.

Google argues that the data sharing is used to maintain and improve its services as well as to offer tailored content. It states that personal information can be used to improve the relevance of Google's search results and targeted ads.

This creates at least two major concerns about the privacy of users' personal information. Firstly, the practice of personal data unification makes it impossible for users to determine the degree of anonymity when using any of the Google services. For example, imagine that a person uses the Google+ social network for personal communication with friends and relatives. At the same time she goes to the popular YouTube website to voice her opinions about politics or human rights. In her capacity as an online activist she would prefer to remain anonymous as she fears the prospect of persecution from her local environment. But Google has blurred the distinction between its various services. According to the unified privacy policy Google "[...] may use the name you provide for your Google Profile across all of the services we offer that require a Google Account."

What upsets the ICO and other European watchdogs is that this policy is not sufficiently transparent. It does not clearly stipulate the mechanisms behind personal data sharing and how they apply to users of individual services. This is extremely important as the data juggling carried out by Google is not a well understood fact of life, as the company representatives would like to believe. There are many people who don't know that YouTube is owned by Google, for example, and even those who do may not expect their data to be shared across all Google-owned services.

Secondly, the unification of personal data coming from such a wide range of sources carries a huge risk of identity disclosure. Besides Google's internal processing, which by itself already involves the risk of data leaks, the company shares some of its data with third-parties such as advertisers and publishers. According to Google policy, the sharing of "sensitive personal information" requires opt-in consent. However, in the context of the enormous pool of data at Google's disposal, a user's anonymity can be compromised without disclosing the person's name or email address.

This danger should be fairly obvious. If an incognito person expresses support for a local gay activist in the fictional town of Spyville of 20,000 people, then this action in isolation can be considered anonymous. However, if somebody were to learn that the same person liked a certain YouTube channel on a certain day and added a friend to a Google+ account on another, then the cross-referencing of the three separate events is very likely to identify a single Spyville resident, thus revealing the person's true identity.
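The shrinking anonymity set in the Spyville scenario can be measured directly. The sketch below is an added example, not part of the original article: it uses a constructed population of 20,000 residents and three hypothetical per-service event attributes to compute how many residents remain indistinguishable (k) as events are combined, which is the check a data holder would run before sharing combined attributes.

```python
from itertools import combinations

POPULATION = 20_000  # Spyville residents, from the article's scenario

# Constructed sample data: each event maps to the set of resident ids that
# share the observed attribute. The modular rules are arbitrary stand-ins
# for real per-service logs; they only make the sets reproducible.
EVENTS = {
    "supported_activist": {r for r in range(POPULATION) if r % 40 == 25},
    "liked_channel_on_day": {r for r in range(POPULATION) if r % 63 == 60},
    "added_friend_on_day": {r for r in range(POPULATION) if r % 11 == 3},
}


def anonymity_set(event_names):
    """Residents consistent with every named event (the anonymity set)."""
    sets = [EVENTS[name] for name in event_names]
    return set.intersection(*sets)


def smallest_k(n_events):
    """Worst-case k when any n_events attributes are combined."""
    return min(len(anonymity_set(c)) for c in combinations(EVENTS, n_events))


def release_allowed(event_names, k_threshold=5):
    """k-anonymity gate: refuse combinations isolating fewer than k people."""
    return len(anonymity_set(event_names)) >= k_threshold


if __name__ == "__main__":
    for n in (1, 2, 3):
        print(f"{n} event(s) combined -> smallest anonymity set: {smallest_k(n)}")
    print("all three releasable:", release_allowed(list(EVENTS)))
```

Each event alone hides the person among hundreds of residents, yet the three together leave an anonymity set of one without any name or email address being involved.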

Of course we don't really know how the massive data is being used. Even the ICO, which has responded to the unification of the privacy policy after a 15-month long investigation, cannot figure out what's actually going on inside Google.

The data unification is obviously not the first privacy debacle in Google's short history. It follows the scandal over its collection of private information via unsecured Wi-Fi networks as part of its Street View system, automatic unauthorised picture and video taking by Google Glass, and of course the latest revelations about Google's implication in the NSA's Prism program, which the company has so far vehemently denied. The time has come for Google to face the crucial issues of user privacy and information security by showing transparency and accountability before the news of people's personal tragedies caused by inadvertent information disclosures starts flooding in.

Google's Logo Redesign by Tyler Jordan. Source: http://www.evisibility.com/blog/say-hello-to-the-new-google-bot-logo/