NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Google's Privacy Policy Changes: Revolution? Evolution? Or Confusion?

    Google's Privacy Policy Changes: Revolution? Evolution? Or Confusion?


In the mere four days since Google announced significant changes to
their privacy policies and terms of service [ http://j.mp/zBpuE4
(Official Blog)] (with a follow-up posting a couple of days later 
[ http://j.mp/yqbM5E (Policy Blog)] ), the Net has been abuzz with
associated criticisms and discussions.

I had hoped to at least let the dust settle on this a bit before
chiming in, but when I saw an article yesterday comparing Google's
changes with the creation of the humanity crushing "Skynet" from the
"Terminator" movies, I figured perhaps a few words might be relevant
sooner rather than later.

Google bundled a lot into a single announcement, and has emphasized
the importance of the changes with prominent notes around their sites
and via email notifications to Google account holders.  They obviously
did this in an effort to assure maximum transparency, but I believe
they may have erred a bit by assuming most users had sufficient
historical perspective to put the changes into a realistic context.

The result has been quite a bit of confusion and emotional reactions,
much of which seems not grounded in reality.

Still, the changes are significant.  Let's explore the landscape a bit
and then you can draw your own conclusions.

We begin with that historical perspective I mentioned.

What is Google to most users?

Is it a service?  A set of disparate services?  A collection of
related services?

We all know that Google began as a search engine.  You dropped in
search queries and got results back.  You didn't need an account to
use it.  And obviously, it's also still free to use -- you don't need
to login or have an account to use Google Search today, either.

Over time, other services joined under the Google banner.  YouTube was
an acquisition, and operated for quite a while with a unique account
system completely different from the evolving Google Accounts
structure.  You could always view YouTube videos for free without an
account, and you still can for the vast majority of YouTube vids.

Other free Google services appeared gradually, some needing accounts,
some not.  Google News, Gmail, Google Docs, Google Profiles, Google+,
and so on.

For services that need accounts, like Gmail and Google+, there are
differing identity characteristics.  Gmail doesn't require the use of
person-linked profiles.  You can create multiple free Gmail accounts
under various names, and as long as you're conducting yourself
legally, you're good to go with a variety of different Gmail
"personas" if you wish.

Google+ is by its nature more linked to individual identities -- that
is, more of a one to one mapping with actual people (though Google+
Pages do provide a means to effectively create alternative identities
even in that more individual-centric environment).

One upshot of this evolving set of Google services is obvious -- they
have traditionally felt much more like completely separate entities
than a unified Google experience per se.  Even when you have a Google
account (or accounts) -- which would seem to be the logical units for
data management and sharing -- the handling of that data even within a
single account has varied between services.

The complexities of this situation are illustrated by the more than 70
different privacy policies that have existed for the range of Google
products and services.  That's a lot of privacy policies.

It's not surprising then that many Google users have not had a clear
idea, and in many cases have misunderstood, how their data is being
handled by Google, despite Google's continuing evolution of user
information and control tools such as their Privacy and Ad Preferences

Now compare this situation with Facebook, which was founded some years
later than Google.

Facebook is seen largely as a single service, with its various
functionalities usually viewed not in isolation but as parts of a
comparatively unified whole.  Even though some of these capabilities
are similar to those of Google (e.g. video upload and playback in a
manner somewhat akin to YouTube), the "unified" structure of Facebook
tends to avoid questions of data sharing within a Facebook account.
This despite the fact that at least theoretically users have far less
flexibility in creating Facebook accounts than Google accounts, and
far more functions require login for access on Facebook as opposed to
with Google.

It's been obvious for some time that Google wants to move toward a
more unified services structure itself.  Social applications pretty
much require this to provide a useful environment for participants,
and there are many other benefits both to users and the services

In an appropriately implemented unified system, users are able to
easily both understand and control what information they share with
others, without having to manage an array of disparate policies and
environments.  Service providers benefit from being able to provide
more relevant ads for free services on an account basis, rather than
on a fragmented service basis.  And these are the ads that -- whether
you like it or not -- are critical to keeping these services free for
the vast majority of users like you and me.

So with all this in mind, what is it that Google is actually changing
in their privacy policies and terms, and just as importantly, what
aren't they altering?

They're distilling down those 70+ privacy polices to just a few, and
working to make them more easily understandable.  This is largely
noncontroversial -- simplicity rather than complexity in such
documents is almost always a big win for everyone involved (at least
if you're not a lawyer, and often even then!)

And (here comes the controversial part) Google will be using collected
data across Google Account related services for the provision of ads
and the like, instead of restricting that data to individual service
"silos" within individual Google accounts.

Now, what *isn't* happening with these policy and terms updates,
as I understand them:

Is Google collecting more data regarding your activities as a result
of these changes?  NO.

Is Google sharing your data with other users or third parties as a
result of these changes?  NO.

Are Enterprise (paying) customers affected by these changes?  NO.

Is Google combining your Google Account data with data from
third-party sites running services such as Google Analytics or
DoubleClick?  NO.

Is Google requiring you to login to use more services?  NO.

Does the new cross-services data sharing policy have any impact on you
when you're not logged-in?  NO.

Is your information shared between separate Google Accounts that you
may have created for different Google services?  NO.

Will you be prevented from creating separate Google Accounts for
different Google services?  NO.

 - - -

So what does the new data sharing policy really mean?  Well, for
example, if you're logged into the same Google Account for Search and
YouTube, you might see ads in one based on searches in the other (with
these ads in general impacted by your settings in the Ad Preferences
dashboard, which allows a great deal of control over all this,
including choosing not to receive customized ads at all).

The irony is that many persons have apparently assumed that this kind
of sharing was already the case when they were logged into a single
Google account for different services.  It seems completely logical
and useful for ad preferences and customizations to be shared across
services when using the same Google account.  After all, you're the
same person, and your data is being handled only by Google, not being
shared with third parties.

But there are people who prefer the historical compartmenting of data
between services, despite what we could call the "natural sharing"
characteristics of a single account in the generic sense.

As we've noted, you can still use Google Search and more without
logging in.  You can create multiple accounts and associate different
accounts with different Google services.  You can easily use Google's
"Data Liberation" system to download messages and documents from
Google services to move them to other Google accounts, or to outside
services entirely.  By combining various browser add-ons with Google's
existing fast account switch commands, you can make the process of
using different Google accounts with different services essentially as
automated as you wish.

This sort of flexibility seems in considerable contrast to the sorts
of situations we face in other aspects of lives, such as with banks
and credit card companies who usually share far more information about
our activities (especially to third parties) than do most major online
services, and provide far fewer options for user control.

Of course ultimately the decisions about what services you wish to 
use -- both online and offline -- are up to you.  Reasonable persons can
have differing opinions and can disagree regarding the value,
importance, and impacts of changes in privacy, terms of service, or
various other aspects of services in cyberspace or the brick and
mortar world.

But I do think it's crucial to at least start from a foundation of
facts, not hyperbole, and with an appropriate sense of not only where
we are, but where we've been as well.

Interesting times, indeed.

Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org 
 - Network Neutrality Squad: http://www.nnsquad.org 
 - Global Coalition for Transparent Internet Performance: http://www.gctip.org
 - PRIVACY Forum: http://www.vortex.com 
Member: ACM Committee on Computers and Public Policy
Blog: http://lauren.vortex.com 
Google+: http://vortex.com/g+lauren 
Twitter: https://twitter.com/laurenweinstein 
Tel: +1 (818) 225-2800 / Skype: vortex.com

nnsquad mailing list