Fact Checking Google's New Privacy Principles -- Part XVIII Publicacy vs Privacy Series

Google posted "Google's Privacy Principles" for International Privacy Day and made a pretty sweeping official representation to the public in its announcement post: 

• "We've always operated with these principles in mind. Now, we're just putting them in writing so you have a better understanding of how we think about these issues from a product perspective."   

Is this a factually accurate and fair representation of Google's past and current privacy practices?

If it is indeed a true statement:

• Surely Google could produce (publicly or for the FTC) the internal training and communications documents/emails that ensured that new and existing Googlers actually have "operated with these privacy principles in mind" over the last decade. 
• Why did Google not share these principles when Privacy International ranked Google as worst in its 2007 world survey and classified Google as "hostile to privacy?
• Why did Google not share these internal privacy operating principles in 2008 when California had to threaten to sue Google for not having a public privacy policy statement on its homepage for four years despite being required to by law?

Google also asserted that: "Like our design and software guidelines, these privacy principles are designed to guide the decisions we make when we create new technologies."

• If these privacy principles were indeed like Google's "design and software guidelines" that have been on Google's site for several years, and by implication as important, why did Google not write them down until now?

Let's consider this sweeping representation of Google's privacy behavior from another perspective. If Google considers these privacy principles to be sound and defensible, and Google has "always operated with these principles in mind," wouldn't that suggest if Privacy International was right in 2007 in ranking Google as worst in the world in privacy, would that not still be true today? 

Let's now fact-check Google's five privacy principles.

"1. "Use information to provide our users with valuable products and services."

• in a business context, Google primarily uses private information to better target advertising in order to charge higher prices and generate more revenues.  
• Google's competitive advantage is that it collects, tracks, stores, and analyzes more private information than any entity in the world -- by far. 
• Google's famed "innovation without permission" approach to business means that Google does not ask users for permission to use their private information.
• Privacy is not the default at Google, "publicacy" (the opposite of privacy) is the default.
• The reason for this is simply control. If users were asked permission or given control over their information by Google, the user would be in control and not Google. 
• The reason Google does not ask for meaningful consent from users is that Google knows they could not get it and that if they could not take it like they do now, they simply couldn't extract the prices they do from advertisers.
• In a word, Google does not value users' privacy, because at core, their model depends on publicacy, the exploitation of privacy without meaningful permission.    

"2.  Develop products that reflect strong privacy standards and practices."

• If these principles were longstanding and indeed "reflect strong privacy standards and practices" why did Google have such privacy uproars over:

• Google's automated reading of all gmails even those private emails of people that do not use gmail?
• Google Earth's display of the White House roof and other sensitive sites around the world?
• Google StreetView's pictures of peoples' private property that prompted privacy outcries around the world? and
• The Google Book Settlement, which still has no privacy protections for what people read like they do in libraries?
  • (These examples are illustrative and not exhaustive.)

"3.  Make the collection of personal information transparent."

• If Google was indeed operating under these privacy principles all along, why was it only in 2009 that Google created the Privacy dashboard, and their Data Liberation Front?
• And if Google is so transparent with how they collect private information, why do major respected surveys by Consumer Reports and the Annenberg School strongly suggest that consumers are largely unaware with what Google and others are doing with their private information online? 

"4. Give users meaningful choices to protect their privacy."

• If the "dashboard" is supposed to be "meaningful choice," why do Google's privacy practices not also offer an on-off switch, a brake or a reverse?
• If the Data Liberation Front is supposed to give users full portability "choice", why did the user never have meaningful choice in whether Google collected the information in the first place?

"5.  Be a responsible steward of the information we hold."

• If Google was truly a responsible steward of the information they hold, why do they collect, track and store more private information about more people in the world, private information that puts these users at enormous unnecessary privacy risk, if Google has a data breach, is hacked or is subpoenaed ( all of which have happened)?
• A good steward would not collect and store private information in such volumes without a users meaningful knowledge that could put the user at enormous risk of loss, blackmail or prosecution.

In sum, Google's Privacy Principles are new and do not reflect how Google has operated over the last decade. As much as Google gives privacy lip service, Google actually remains the single biggest threat to Americans' privacy.   

• Google has a publicacy business model built almost entirely on exploiting the use of private information without users' meaningful consent or control. 
• Maybe the single biggest threat to Google's business model would be if users actually were in control of their own private information and not Google.    

 

Publicacy vs Privacy Series:

Part I: The Growing Privacy-Publicacy Fault-line -- The Tension Underneath World Data Privacy Day 

Part II: Implications of User Location Tracking

Part III: Extreme Publicacy -- Does Privacy Stand a Chance?

Part VI: Why FTC’s Behavioral-Ad Principles Are a Big Deal

Part V: Privacy prevailed in Facebook's privacy-publicacy earthquake

Part VI: Do People Own Their Private Information Online?  

Part VII: Where is the line between privacy and publicacy? 

Part VIII: "Privacy is Over"

Part IX: "Interventional Targeting? "Get into people's heads" 

Part X: "Latest publicacy arguments against privacy"

Part XI: "The Web 2.0 movement is opposed to the privacy movement." 

Part XII: "No consumer control over the commercialization of their privacy?"

Part XIII: "Does new Government cookie policy favor publicacy over privacy? "

Part XIV: "Google Book Settlement "absolutely silent on user privacy" 

Part XV: Yet more evidence of Google's hostility to privacy

Part XVI: Poll: Americans strongly oppose publicacy & expect online privacy

Part XVII: FaceBook CEO throws privacy under the bus