Google's Privacy Lip Service

This post documents the pile of evidence that Google just gives lip service to privacy matters.

• A few days ago, Google quietly and begrudgingly complied with California privacy law by putting a privacy link on its home page. Kudos to Saul Hansell's New York Times blog which spotlighted Google's privacy intransigence.

I will analyze Google's privacy policies to show why it was no fluke that privacy watchdog, Privacy International ranked Google worst in its world survey on privacy and called Google "hostile to privacy."

First, consider the way that Google finally posted its privacy link on its home page. While it may now be in compliance technically, it sure isn't embracing the letter or the spirit of privacy law. 

• In the last line of his blog Mr. Hansell ruminated that: "it doesn't seem like it would be that hard for Google to put a single seven-letter word somewhere on its home page."
• It turns out that it was.
  • Google announced its technical compliance in possibly the most begrudging and minimalist manner possible:
    • It posted it on its blog, after the markets closed on July 3rd, the day before a national holiday. That is the release time when a PR person wants to bury the news to ensure the fewest news organizations or people learn of it.
    • Not only did Google's blog post not have the word "privacy" in the title, the title was a cryptic, off-putting puzzle: "What comes next in this series? 13, 33, 53, 61, 37, 28...". Moreover, you had to trudge through over 400 words of "why am I reading this rambling blog?..." before discovering the first mention of the word "privacy" in the third paragraph. Only then did one learn Google had finally changed their home page to include a "privacy" link.
    • When they did put a link on the home page, it was not where most would think it would be -- next to "About Google" in similar font. It was buried next to the ©2008, boilerplate symbols that they know most users eyes won't notice.
    • To add insult to injury, the link also does not take a user directly to Google's privacy policy as required, but requires another one or two clicks to get there. The link take you first to the public-relations-privacy-page first.

Second, its apparent privacy is a low priority for Google given that Google has not updated its privacy policy since October 14, 2005, despite huge changes in the company's products/services and several major external developments affecting Google's privacy policy.

• Since 10-14-05, Google has entered new businessess which operate under very different privacy laws, regulations, and expectations: YouTube -- viewing habits; Feedburner -- reading habits; Grand Central -- voiceprints and wiretapping; DoubleClick -- ad-vewing habits; among others.
• Since 10-15-05, Google Health has exploited a loophole in health care privacy law; Google has offered Friend Connect, a new social networking application after state attorneys general have focused on social networking privacy problems; and Google has offered StreetView, despite broad serious privacy concerns.  
• The 10-15-05 privacy policy must have been so perfect, so-all-knowing, that Google did not need to adjust it by one word -- for any of these following important external privacy devlopments:
  • In 2006, Google misinterpreted its legal obligations on privacy and lost a court case to the Department of Justice which was seeking Google's assistance in tracking down child pornographers.
  • In fall 2007, Privacy International ranked Google worst in its world privacy survey and called "hostile to privacy."
  • In 2007, privacy watchdog EPIC sued Google during the FTC review of the DoubleClick acquisition charging that Google's privacy policies were deceptive trade practices.
  • At the end of 2007, simultaneous with the 4-1 approval of the Google-DoubleClick merger, the FTC staff proposed new behavioral advertising privacy principles that obviously would require a major overhaul in Google's business model and privacy policy.
  • Recently, the House Energy and Commerce Committee held a hearing on concerns about companies like Google that are not subject to medical privacy laws. 

Third, Google's unfairly represents its business purposes in the first bullet of its Privacy Overview: "We may combine personal information collected from you with information from other Google services or third parties to provide a better user experience, including customizing content for you."

• Google routinely represents itself to users as working for them. Google does not work for users; users do not pay Google. 
  • Google has a profound and deep financial conflict of interest in that Google works for advertisers and website publishers -- NOT users.    
• Google does not combine private data to "provide a better user experience, including customizing content for you."
  • Google collects private user information to provide advertisers and website publishers a more targeted, customized, and valuable advertising service!
  • It is unfair representation and false advertising for Google to represent to users that it collects and combines users' private information for their benefit!
• Why is this a problem?
  • Just like investment banks during the market bubble unfairly represented that their investment research was objective and looked out for the investors' best interest, it became clear that their undisclosed conflict of interest was devastating to investors who trusted the badly conflicted investment research -- remember Enron? WorldCom? 
  • How are search users being hurt by a misleading privacy policy that does not clearly disclose the financial conflicts of interest that would concern users?
    • Google is not warning its users that they are at an increased risk of identity theft or malicious viruses when they click on certain Google search results, because it is not in Google's business interests to protect users from harm, but to protect advertisers and website publishers from revenue losses that would occur if Google flagged dangerous search result links with warnings that the website may not be safe -- information that Google knows and does not disclose to users.    

Bottom line: Given Google's business philosophy promoting innovation and speed to market, and given that Google claims that privacy is an important priority at Google, it is surprising that given the storm of privacy developments/problems/concerns, both internal and external to Google, Google's privacy policy has not needed to change even one word since 10-14-05.

•  
  • Either Google was perfectly prescient on October 14, 2005, Google has nothing to learn from anyone on privacy -- or privacy simply is not a priority for Google. 
  • It's obvious from the mountain of evidence, Google only gives privacy -- lip service.