Google’s “Mass Indiscriminate Surveillance” Threat to US-EU Data Safe Harbor

Google’s ongoing mass indiscriminate surveillance of Europeans’ private activities could threaten quick resolution of the European Court of Justice’s ruling that the US-EU Data Safe Harbor was invalid given the NSA’s “mass indiscriminate surveillance” exposed by Edward Snowden.

Google’s unique, systematic defiance of European sovereignty on these matters could warrant specifically excluding Google from what could be a timely reconstitution of the US-EU Data Safe Harbor, so that one bad actor does not spoil the whole process for the thousands of companies that have respected their Data Safe Harbor responsibilities.

In a nutshell, the potential Safe Harbor problem here is that Google: engages in comprehensive mass indiscriminate surveillance of Europeans’ private activities; stores Europeans’ private data in the U.S. where it is most accessible by the NSA; is the world leader in the machine-learning technologies necessary to automate, translate and analyze mass surveillance for the NSA; has a substantial history of working with U.S. intelligence services; owns the worst privacy record in the EU; engages in widespread wiretapping without permission; and opposes Europeans’ ability to opt-out from Google’s omni-surveillance of them as the European Court of Justice expects.    

What is the evidence of Google’s “mass indiscriminate surveillance?”

Google has a unique “mission to organize the world’s information and make it universally accessible and useful.” Google has developed more ways to monitor more people than any entity ever (see how many here).

Over two billion people have Google accounts. Over a billion people use and rely on Google: Search, YouTube/video distribution, Maps/directories/location services, Gmail/communications, Android mobile operating system, Chrome browser, and Play app store. A half billion active users rely on Google Translate. ~98%  of the top 15 million websites globally depend on Google Analytics tracking of Internet users’ behavior for their advertising livelihood.

Consequently, Google is unique in its ability to conduct “mass indiscriminate surveillance” on most Europeans’ Internet behaviors.   

In addition, Google has unique physical world ambitions for “mass indiscriminate surveillance” of Europeans as well, because in the last few years Google has acquired most all the technologies necessary to create a ubiquitous physical surveillance network (see Google’s “mass indiscriminate surveillance” physical capability here).

Thus for almost 2 billion Internet users, including most European Internet users, Google knows:

  • Who they are by ethnicity, race, income, religion, politics, etc. & who are their friends/influencers;
  • What sites/content they visit, read, watch, listen to, share; what they do, think & believe;
  • When they do things, go places, get sick, have health, money, and job problems;
  • Where people are, live, work, eat, sleep, gather, go, travel, and vacation;
  • Why they do things, buy stuff, go places, or vote for candidates; and 
  • How people are best influenced and most predictable.

As Alphabet-Google CEO Larry Page summed up his companies’ surveillance ambitions in 2012: “We're still 1 percent to where we should be…what I'm trying to do is… really scale our ambition.”

What is the evidence of Google working with the NSA?

In 2004, Google’s purchased the CIA/In-Q-Tel-funded  Keyhole to enable Google Earth.

In 2008, Google sold servers to U.S. intelligence services.

In 2009, Google asked the NSA for help in warding off Chinese hackers who broke into Google and stole their entire password system. 

In 2010, a U.S. spy agency offered Google an exclusive no-bid contract for its mapping service, most likely because of its 2004 acquisition of CIA/In-Q-Tel-funded Keyhole for Google Earth.   

In 2010, Google Venture co-invested with the CIA’s investment fund In-Q-Tel in Recorded Future.  

In 2013, Google bought the U.S. Defense Department’s leading military robotics company, Boston Dynamics, and several other robotics companies.  

In 2014 and 2015, Google’s Deepmind artificial intelligence and machine learning operation has assembled “the largest collection of machine learning experts anywhere in the world,” according to Google’s Deepmind CEO Demis Hassabis, per Business Insider.

What is the evidence that Google is a uniquely bad actor undercutting the US-EU Data Safe Harbor?

Copious evidence in the summary links below show Google pervasively abuses the trust of the US-EU Data Safe Harbor, in that Google: evades sovereign accountability; flouts the rule of law; takes others’ intellectual property; disrespects users’ privacy; engages in widespread wiretapping and “mass indiscriminate surveillance;” deceptively brands and misrepresents its business; operates in an irresponsible unsafe manner; and fosters a corporate culture of unaccountability.

Simply Google is unique among companies implicated by the US-EU Data Safe Harbor in its utter disregard for the privacy and data protection expectations of the European Court of Justice.

What evidence indicates Google is fundamentally at odds with Europeans’ right to privacy?

Consider Alphabet-Google’s general attitude towards potential limits on Google’s ability to freely and openly surveil everyone -- in their own words.   

“There’s been spying for years and there’s been surveillance for years and so forth, I’m not going to pass judgment on that, it’s the nature of our societysaid Google Chairman Eric Schmidt per RT.

"I don't believe society understands what happens when everything is available, knowable and recorded by everyone all the time,” Google Chairman Eric Schmidt told the WSJ.

"We know where you are. We know where you've been. We can more or less know what you're thinking about," said Google Chairman Eric Schmidt per the Atlantic.

If you have something you don’t want anyone to know, then maybe you shouldn’t be doing it in the first place” said Google Chairman Eric Schmidt on CNBC.

And most relevant to resolution of the invalidation of the US-EU Data Safe Harbor, Google Chairman Eric Schmidt told the CSMonitor in 2013 that: “The impact of the data revolution will be to strip citizens of much of their control over their personal information....The communication technologies we use today are invasive by design, collecting our photos, comments and friends into giant databases that are searchable and, in the absence of regulation...[it is all] fair game  [bold added]


The Google problem is unique in the context of the US-EU Data Safe Harbor.

Google’s unique corporate mass indiscriminate surveillance of most Europeans combined with Google’s unique, systematic defiance of Europeans’ privacy rights and EU sovereignty, confronts European and American Safe Harbor negotiators with a potential “irresistible force meets immovable object” conundrum.

One potential solution to this singular unproductive dilemma would be to temporarily exclude Google from the protections of the US-EU Data Safe Harbor until it resolves its privacy violation problems to the EU’s satisfaction, so that one bad actor does not spoil the whole process for the thousands of companies that have and will respect their Data Safe Harbor responsibilities.

Is anybody listening? Google is.


Scott Cleland served as Deputy U.S. Coordinator for International Communications & Information Policy in the George H. W. Bush Administration. He is President of Precursor LLC, an emergent enterprise risk consultancy for Fortune 500 companies, some of which are Google competitors, and Chairman of NetCompetition, a pro-competition e-forum supported by broadband interests. He is also author of “Search & Destroy: Why You Can’t Trust Google Inc.” Cleland has testified before both the Senate and House antitrust subcommittees on Google and also before the relevant House oversight subcommittee on Google’s privacy problems.