
Entries in privacy policy (6)

Friday, Mar 09 2012

Google's new privacy policy: much ado about very little

Google's recent privacy policy update has caused great consternation. Some commentators have expressed concern about the new policy's compliance with various privacy law frameworks (particularly the EU's data protection laws) and about the aggregation of users' personal information, and others have made ridiculous claims about the policy being the "end of privacy as we know it". We took a close look at the new privacy policy, what has changed from October's version and what this really means for users. It turns out much of the fuss is uninformed, sensationalist and unjustified.


One Privacy Policy to Rule Them All

Essentially Google has taken a number of privacy policies spread across multiple services and consolidated them into a single privacy policy that covers personal information processing across all Google services. This isn't as simple as it sounds and its benefits are not immediately apparent. One of the disadvantages of having multiple privacy policies governing multiple services is that you can't be sure that your personal information will be handled consistently from service to service or even that all of the policies process your personal information in a way that doesn't prejudice you unreasonably. This also potentially means diminished transparency, less informed consent and greater uncertainty – all less than desirable features of a document of such importance. With a unified policy users have greater certainty as to what personal information Google is collecting and what it is doing with that personal information. To add to this, the new privacy policy continues Google's practice of writing very clear and plain policies (when I am looking for inspiration for legal terms, I often look to Google's terms for their clarity and emphasis on good, plain language).

Another thing Google does is publish comparisons between policy versions. This is part of the comparison between the October 2011 version and the March 2012 version:

Privacy Policy – Policies & Principles

Google does a terrific job purely from the perspective of transparency. Users are advised in advance what changes are going to be made and are shown not only the new policy document but also the changes from one version to the next. This behaviour doesn't receive enough attention. Not many companies go to such lengths to be so transparent about these sorts of changes.

Positive Changes

The policy, for the most part, doesn't change the privacy framework under the previous model. Users haven't lost control over their personal information and haven't been forced to be more public than they may wish to be. This approach largely fell away a couple years after the Facebook privacy debacles. In the last year or so Google, Facebook and other services have been more careful with users' personal information and their privacy policies reflect this.

The new policy clarifies how users can "make meaningful choices about how" Google uses their personal information. Users have a couple of options available should they wish to access and review personal information Google holds, adjust their ad preferences, control who they share their personal information with and even export their personal information from Google's services. The new policy also states that browsers can be set to block or moderate cookies but cautions about diminished functionality in its services if users choose to do so (this is the incentive for users not to moderate cookies).

A change I found very interesting is this sentence:

We will not combine DoubleClick cookie information with personally identifiable information unless we have your opt-in consent.

Previously the privacy policy allowed for personal information on an opt-out basis:

Google uses the DoubleClick advertising cookie on AdSense partner sites and certain Google services to help advertisers and publishers serve and manage ads across the web. You can view and manage your ads preferences associated with this cookie by accessing the Ads Preferences Manager. In addition, you may choose to opt out of the DoubleClick cookie at any time by using DoubleClick’s opt-out cookie.

Why People Are Concerned

The primary reason most commentators seem to be concerned about the new privacy policy is the following set of clauses:

We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect Google and our users. We also use this information to offer you tailored content – like giving you more relevant search results and ads.

We may use the name you provide for your Google Profile across all of the services we offer that require a Google Account. In addition, we may replace past names associated with your Google Account so that you are represented consistently across all our services. If other users already have your email, or other information that identifies you, we may show them your publicly visible Google Profile information, such as your name and photo.

...

...

We may combine personal information from one service with information, including personal information, from other Google services – for example to make it easier to share things with people you know. We will not combine DoubleClick cookie information with personally identifiable information unless we have your opt-in consent.

We will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy.

Essentially Google is consolidating the personal information it has from its users across its various services into a more complete, useful and valuable database. Previously, the various privacy frameworks and notionally distinct services meant that a user could have varying exposure to personalised ads and to personal information processing. Under the more consolidated model, users can be more readily and more accurately profiled and better targeted with ads. Their experience of Google's services can also be improved where data can be shared across services (another reason for the change) to enhance users' general Google experience.

This change reflects increasing integration of Google's services into a more cohesive set of services not dissimilar to Facebook which has always been regarded as a single, multi-faceted service but one which permits personal information published through one aspect of the service to be used with other aspects of the Facebook service as well as to better target ads.

Some of the clauses are mixed bags. This next clause makes an important point that sensitive personal information won't be associated with cookies and then glosses over the implications of those cookies and other technologies like pixel tags by explaining their value in setting the correct language preferences:

We use information collected from cookies and other technologies, like pixel tags, to improve your user experience and the overall quality of our services. For example, by saving your language preferences, we’ll be able to have our services appear in the language you prefer. When showing you tailored ads, we will not associate a cookie or anonymous identifier with sensitive categories, such as those based on race, religion, sexual orientation or health.

Google has been viewed with suspicion for some time now due to its size and presence in our daily lives. There is no question that Google uses personal information to personalise its ads and users' experience of many of its services. That said, Google works to be more transparent about its disclosure of personal information to governments (one of the times Google will hand over your personal information is in response to a valid and legally binding request from a government). Contrary to the article in a recent issue of the Star titled, "Big Brother has nothing on Google" (this article is largely a series of exaggerations, some of which are factually questionable), the new policy does not give Google carte blanche to sell user data at will. The policy is fairly clear on this point:

Information we share

We do not share personal information with companies, organizations and individuals outside of Google unless one of the following circumstances apply:



  • With your consent

    We will share personal information with companies, organizations or individuals outside of Google when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.


  • With domain administrators

    If your Google Account is managed for you by a domain administrator (for example, for Google Apps users) then your domain administrator and resellers who provide user support to your organization will have access to your Google Account information (including your email and other data). Your domain administrator may be able to:


    • view statistics regarding your account, like statistics regarding applications you install.
    • change your account password.
    • suspend or terminate your account access.
    • access or retain information stored as part of your account.
    • receive your account information in order to satisfy applicable law, regulation, legal process or enforceable governmental request.
    • restrict your ability to delete or edit information or privacy settings.

    Please refer to your domain administrator’s privacy policy for more information.


  • For external processing

    We provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.


  • For legal reasons

    We will share personal information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:


    • meet any applicable law, regulation, legal process or enforceable governmental request.
    • enforce applicable Terms of Service, including investigation of potential violations.
    • detect, prevent, or otherwise address fraud, security or technical issues.
    • protect against harm to the rights, property or safety of Google, our users or the public as required or permitted by law.

We may share aggregated, non-personally identifiable information publicly and with our partners – like publishers, advertisers or connected sites. For example, we may share information publicly to show trends about the general use of our services.

If Google is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.

While Google has given itself the ability to exchange your personal information across its services for various reasons, it does not mention selling users' personal information to 3rd party advertisers. If anything, the policy wording tends to rule that out subject to Google's ability to disclose your personal information for those sorts of purposes if you consent to it or if the person administering the domain your Google account forms part of does something similar (Google leaves it up to those administrators to develop their own privacy framework).

Perspective

Many commentators criticise Google and other companies, ostensibly on the mistaken assumption that they are entitled to a particular range of services or to be subject to terms and conditions or privacy policies they find more favourable. This is a flawed assumption. Google is a "for profit" company and, at the same time, it makes a concerted effort to strike a balance between its commercial interests and its users'. The outcomes of that effort include clearly written policies which inform users what happens to their personal information from the time they submit it to Google. The document's clarity means that users are more likely to understand it and its implications and give their informed consent to Google. That is what a privacy policy should strive for.

In addition, this policy does not make further inroads into user privacy. The general exception is the extent to which aggregating personal information across Google's services impacts on user privacy more extensively.

Google has also given users the tools to control their personal information fairly effectively by removing it, blocking its collection or correcting it. I say "fairly" because the policy also mentions that users have control over "many" of Google's services, not all of them.

Ultimately personal information is the price users pay to use Google's (and other) services and while the choice to use other services often isn't as appealing, it remains an option. Users also have tools independent of Google to help protect their privacy. One such tool is alternative browsers like Firefox which includes various settings to help protect users' privacy. Even Google's Chrome gives users the ability to better control their personal information.

Much of the new policy is a clarification of the previous version with paragraphs being restructured or otherwise amended to improve them from a usability perspective. All the hype and fuss about the privacy policy seems to be mostly bluster and much ado about very little after all.

Update: I found out about this great video on This Week in Law 147 which presents a great perspective on the policy changes:


Nastassja de la Guerre helped out with a more detailed comparison between the October 2011 and March 2012 versions and an assessment of the impact of those changes. Nastassja is a candidate attorney at Jacobson Attorneys.

Monday, Nov 14 2011

Austrian law student's crusade against Facebook highlights users' responsibilities

Austrian law student, Max Schrems, has embarked on a crusade against Facebook aimed at exposing what he considers to be Facebook's misuse of users' personal information. Schrems has lodged 22 Reclamacións (I understand these to be a form of complaint) against Facebook with the Irish Data Protection Commissioner (Facebook's legal presence outside the US is in Ireland) regarding Facebook practices ranging from its Data Use Policy contents and the effectiveness of consent to the Data Use Policy to Facebook's apparent practice of collecting personal information about or relating to people who are not yet Facebook users.

These complaints raise a number of concerns about the extent to which Facebook has complied with Europe's Data Protection Directives which establish a legal framework to protect European users' personal information and privacy rights. The Irish Data Commission is either about to or is in the process of conducting an audit of Facebook's privacy practices and we should learn whether Schrems' complaints are valid in due course but what this crusade does highlight is users' responsibilities when sharing information and content on Facebook.

Facebook's Data Use Policy is fairly extensive. At one point Schrems mentions that if the Data Use Policy were reproduced with a more readable font it would be close to 20 pages. I reformatted the Data Use Policy with 1.5pt line spacing and size 11 font and it worked out to about 17 A4 pages. It is readable and extensive. The primary reason for the policy's length and Facebook's efforts to explain the policy and privacy settings in different ways is that using Facebook has serious implications for your privacy. The sharing controls have improved drastically over the last few years culminating in a recent update which exposes publicity controls in every post.

One of the issues Schrems raised concerns about was how much information he found in his downloadable archive of his Facebook profile. Schrems' archive apparently ran to about 1 222 pages of data. I picked up concerns about how much information is contained in the archive (and, therefore, how much personal information Facebook receives and stores) and how much information he felt was not included.

Facebook archive download page

Social media users are slowly coming to the realization that these free services we flock to in the tens and hundreds of millions have a lot of information about us and which we supply to them. Facebook is a great example because of its sheer size. The upcoming Timeline feature will heighten that awareness as it exposes users' profile information and interaction going about as far back as they have been members, possibly even further back if users populate their profiles with historical biographical data. The point we are heading to is that privacy as secrecy is largely a myth on the social Web. If you are active on the social Web, emphasis shifts to the extent to which you have meaningful control over your personal information and this is where Facebook has historically been pretty bad. That said, Facebook's privacy controls and its Data Use Policy have improved dramatically in the last 4 to 5 years. Facebook's anticipated deal with the FTC should firmly place control over users' profile information more in their hands than they have experienced in the past and that is a win for users.

Facebook is clearly improving its policy language and practices by being more transparent about what personal information it collects from users and what it does with that personal information as well as giving users more meaningful control over what they can do with their personal information and content in the Facebook ecosystem. Users must remember that how well their privacy is protected largely comes down to the choices they make. Failing to familiarize themselves with privacy policies and make proper use of privacy settings made available to them is no longer an option for users concerned about their privacy. If services like Facebook require more than users are comfortable sharing then they should refrain from using those services.

Facebook may have violated Europe's privacy laws as Schrems contends. We will have to wait for the results of the Commissioner's audit to make that determination. We may also discover that Schrems' much publicized campaign amounts to little more than tilting at windmills. Facebook insists that it complies with these laws and will make whatever adjustments are required should the Irish Data Protection Commissioner find it to be acting unlawfully. Hopefully this crusade will remind users just how much they share on services like Facebook and encourage them to take a little more responsibility for that.

Monday, Nov 14 2011

What the Facebook settlement will probably mean for you

Facebook changed its privacy policy in 2009 to make users' profiles more public by default. The changes came under pretty severe criticism at the time and prompted a complaint to the US Federal Trade Commission, the essence of which was the following:

The basic premise of the complaint is that most users either don't understand the changes they are being prompted to make, or that the changes are so complex that even experienced users are confused by them. (These arguments are supported by numerous quotes from tech gurus around the Web discussing their frustration and confusion with the new settings.) As a result, EPIC believes users are being misled by Facebook into exposing more than they had ever intended. "Absent injunctive relief by the Commission, Facebook is likely to continue its unfair and deceptive business practices and harm the public interest," wrote EPIC.

It seems that complaint is in the process of being resolved. The Wall Street Journal has reported (the full article may only be available to Wall Street Journal subscribers) that Facebook and the FTC are close to a settlement of the complaint. The settlement will likely require that Facebook obtain users' explicit consent before making retroactive changes to their privacy settings. This means that Facebook can't, for example, make "Friends only" posts public without users' explicit consent. While it sounds somewhat outrageous that Facebook would do this, this is pretty much what Facebook did in 2009 and earlier when it changed its privacy policies.

Looking ahead, Facebook will be required to respect your privacy choices and not make unilateral changes to what you are sharing with whom. That said, the settlement will still allow Facebook to introduce new products and services going forward which may require particular sharing settings, and obtain your consent to those changes in some way. That may simply take the form of a consent in future versions of Facebook's privacy policy. This settlement's focus will remain on retroactive changes to your privacy settings; it won't determine how content may be shared going forward. This remains users' responsibility. Users simply must familiarize themselves with Facebook's privacy controls and make informed choices about what they share and with whom. A good starting point is this overview of Facebook's Data Use Policy.

Another interesting feature of the settlement is that Facebook may find itself subject to an FTC 20 year privacy review process. This is similar to one of the conditions of Google's Buzz settlement with the FTC earlier this year.

Friday, Aug 12 2011

LinkedIn's privacy policy changes underscore a larger threat to users


LinkedIn has caused quite a fuss in the last few days with its changes to its privacy policy on 16 June 2011 enabling it to make use of users' profile photos and names in what it terms "social advertising", among other things. What is more interesting is how it gave itself the right to do this. The clause in the privacy policy dealing with this is 2(K) which states the following:

Advertising and Endorsements on LinkedIn

In order to deliver relevant and valuable ads to you and your network, LinkedIn may use your name and profile photo in connection with social advertising based on content shared on LinkedIn. This advertising may include the fact that you have recommended or endorsed a product or service on LinkedIn, followed a company, joined Groups or conversations, established or added content to your profile, etc., and will only be displayed to your LinkedIn network. You can opt-out of allowing your name and/or profile photo to be used in social ads here.

The mechanism LinkedIn uses to make changes to its privacy policy is set out in clause 5(C) which states the following:

Changes to this Privacy Policy

We may update this Privacy Policy at any time, with or without advance notice. In the event there are significant changes in the way we treat your personally identifiable information, or in the Privacy Policy document itself, we will display a notice on the LinkedIn website or send you an email, so that you may review the changed terms prior to continuing to use the site. As always, if you object to any of the changes to our terms, and you no longer wish to use LinkedIn, you may close your account. Unless stated otherwise, our current Privacy Policy applies to all information that LinkedIn has about you and your account.

Using the LinkedIn Services after a notice of changes has been sent to you or published on our site shall constitute consent to the changed terms or practices.

This mechanism is not unique to LinkedIn. It is common in virtually all website terms and conditions and privacy policies and is fairly essential for the ongoing maintenance of a site and its continued evolution. In South Africa this sort of change is permissible where the provider notifies users of the change in the service's terms and conditions and gives users an opportunity to stop using the service.

What is problematic about this particular matter and how LinkedIn words its legal documents is the extent to which the terms and conditions and privacy policy go. I wrote about this in February 2009 and, at the time, argued that as bad as Facebook's terms and conditions were at the time, LinkedIn's are potentially far worse. At the time I first wrote about LinkedIn's terms and conditions, I focused on the license provisions in its User Agreement which remain in the current version of the User Agreement. I wrote the following:

As I mentioned above, the license LinkedIn takes from its users is very broad and it bears repeating:

... a nonexclusive, irrevocable, worldwide, perpetual, unlimited, assignable, sublicenseable, fully paid up and royaltyfree right to us to copy, prepare derivative works of, improve, distribute, publish, remove, retain, add, and use and commercialize, in any way now known or in the future discovered, anything that you submit to us, without any further consent, notice and/or compensation to you or to any third parties ...

The license covers anything users submit to LinkedIn. This obviously includes biographical information but it also includes the valuable knowledge users share with each other in LinkedIn's fora and Q&A service. These services include shared knowledge across a number of industries from users who are, themselves, frequently experts in their fields. All of this knowledge falls under the scope of this license and can be exploited commercially without any regard to its users' wishes. They have, after all, agreed to these terms. Just to be clear, LinkedIn does not appear to claim ownership of this knowledge or information (in fact, given its position in the OpenSocial community and its association with organisations like Plaxo which advocate user control over their data, I suspect LinkedIn would deny any suggestion that it claims ownership of user content and knowledge) but its license is so broad as to parallel ownership rights. The only thing it seems not to claim is what is known as bare dominium which is the last vestige of ownership the user retains, along with his or her rights to exploit his or her own content and knowledge.

The license applies not just to content you may contribute directly to the service (for example, that biographical data Amanda referred to in her post) but also to "any User generated content, ideas, concepts, techniques and data" you submit to LinkedIn. In addition to the knowledge users submit through the Q&A service daily, consider the number of applications that are available to LinkedIn users and which enable users to "submit" slideshows from Slideshare, blog posts, travel data, uploaded files and business ideas and tips in its groups. If you contribute any information and knowledge through those or other tools, consider whether you are comfortable having that information and knowledge exploited for profit by the service that you perhaps expected to play the role of a facilitator and platform, rather than your competitor.

This controversy points to a larger threat to LinkedIn users and serves as a caution to people who use other services. The underlying changes to LinkedIn's terms and conditions have occurred largely unseen (were you aware of the changes in June?) and even where they do bubble up to the surface, few users read the terms and conditions and the proposed changes until after they have been effected and the controversy hits the media. As LinkedIn's current terms and conditions stand, LinkedIn stands to benefit considerably from users' contributions to the service, and inordinately so. The social advertising issue is just icing on the cake. If you use LinkedIn extensively (at least, more than just maintaining a profile), it is a good idea to carefully consider whether you are comfortable with LinkedIn having the rights it has over your content and your profile data.

As users we have little cause for complaint if we fail to exercise basic due diligence and satisfy ourselves that we are comfortable with the rights our social services take in respect of our profiles and content.

Update: One of my contacts on Google+ pointed out this post on the LinkedIn blog which went up yesterday and which addresses the social ads issue fairly well:

Our core guiding value is Members First. And, with regards to the social ads we’ve been testing, we’re listening to our members. We could have communicated our intentions — to provide more value and relevancy to our members — more clearly.

Most importantly, what we’ve learned now, is that, even though our members are happy to have their actions, such as recommendations, be viewable by their network as a public action, some of those same members may not be comfortable with the use of their names and photos associated with those actions used in ads served to their network.

So, we will be changing how these types of social ads look, from this:

Before: Social Ads

To this:

After: Social Ads

Trust is the foundation upon which the LinkedIn platform is built. We’ll continue to work hard to earn and maintain your trust, while delivering the most valuable and relevant experience we can.

Friday, Feb 11 2011

Developing effective privacy policies

Privacy is a hot topic this year, perhaps even more so than last year. The Protection of Personal Information Bill is slowly making its way through Parliament and will, when it is finally passed and signed into law, have quite a profound effect on our privacy law as well as how privacy and personal information is perceived by the general public and Business. The anticipated Act will be the first coherent piece of privacy law, certainly in a post-Constitution South Africa and will give the right to privacy much needed substance.

I've written about privacy a number of times in the past and about the central issues and considerations when it comes to developing a sound approach to personal information. The Protection of Personal Information Bill will, when passed, require structures, policies and procedures to be established within organisations to ensure and monitor compliance with the Act. This process takes some time given that an organisation typically collects and processes personal information both internally and externally and must have policies in place to address both.

Privacy and personal information protection is rapidly becoming an urgent theme for organisations who have laboured under the misapprehension that, prior to this Bill, South Africa has lacked a body of privacy law and those organisations could act with impunity when it comes to how they approach personal information. It feels a little like financial institutions' rush to sign up as many credit card customers as they could before the National Credit Act went into force a few years ago. What many of these organisations (and, regrettably, some of my colleagues) forget is that both our Interim and Final Constitutions have privacy rights entrenched by their respective Bills of Rights and our courts have developed a body of privacy law at common law which is reinforced by the Protection of Personal Information Bill.

In any event, the sooner organisations develop effective privacy policies the better. It is helpful to consider current best practices and draw on these examples when framing privacy policies. One company which has an appealing approach to its privacy policy is the location service, Foursquare, which not only has a very accessible privacy policy but has also compiled a handy guide to privacy and personal information in the context of its service. Foursquare's approach to privacy is remarkable because of the lengths the company goes to educate its users about the privacy implications of using its service. Foursquare's efforts include:

These documents are presented in plain language and the emphasis is on accessibility by non-lawyers (in other words, a minimum amount of jargon) and transparency about Foursquare's practices and how it collects and processes your personal information. This approach is essential because for users to give their informed consent to have their personal information collected and processed, they must understand exactly what that entails and be put in a position where they can make an informed decision whether to use that service.