Dashboard isn’t about privacy as secrecy but rather about privacy in the sense of being able to discover how much personal information has been collected and how much of that is publicly visible. The Dashboard also contains a variety of links to settings pages where you can modify your privacy settings for the various services you use as well as some guidance how to improve your privacy (as in secrecy).
What I find interesting about Dashboard is that it represents a serious effort to be transparent about what Google knows about you. Coupled with Google’s Data Liberation initiative to show you how to get your data out of Google’s services, Google is demonstrating an apparently sincere desire to keep you informed about the privacy implications of using its services.
There is an analogy in South African law. The Promotion of Access to Information Act creates a mechanism whereby you can require a company to disclose the personal information it has about you. Companies above a threshhold are required to publish a manual describing how you go about requesting this information. Google has gone a few steps further and is making this information available to you in alarming detail.
The Register makes a couple good points about Dashboard that adds an important perspective:
Although the Dashboard service goes some way towards answering the question of what Google knows about our lives online, it doesn’t really provide many clues about how Google uses this information. In addition, one thing not included in the run-down is cookie-based data Google collects via its huge online ad-serving business.
Even so, Google Dashboard holds a lot of potentially sensitive data, providing yet another good reason for users to use hard to guess (strong) passwords on their Gmail or other Google accounts.
We offer a number of services that do not require you to register for an account or provide any personal information to us, such as Google Search. In order to provide our full range of services, we may collect the following types of information:
- Information you provide – When you sign up for a Google Account or other Google service or promotion that requires registration, we ask you for personal information (such as your name, email address and an account password). For certain services, such as our advertising programs, we also request credit card or other payment account information which we maintain in encrypted form on secure servers. We may combine the information you submit under your account with information from other Google services or third parties in order to provide you with a better experience and to improve the quality of our services. For certain services, we may give you the opportunity to opt out of combining such information.
- Log information – When you access Google services, our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.
- User communications – When you send email or other communications to Google, we may retain those communications in order to process your inquiries, respond to your requests and improve our services.
- Location data – Google offers location-enabled services, such as Google Maps for mobile. If you use those services, Google may receive information about your actual location (such as GPS signals sent by a mobile device) or information that can be used to approximate a location (such as a cell ID).
- Links – Google may present links in a format that enables us to keep track of whether these links have been followed. We use this information to improve the quality of our search technology, customized content and advertising. Read more information about links and redirected URLs.
- Providing our services, including the display of customized content and advertising;
- Auditing, research and analysis in order to maintain, protect and improve our services;
- Ensuring the technical functioning of our network;
- Protecting the rights or property of Google or our users; and
- Developing new services.
You can find more information about how we process personal information by referring to the supplementary privacy notices for particular services.
Google processes personal information on our servers in the United States of America and in other countries. In some cases, we process personal information on a server outside your own country. We may process personal information to provide our own services. In some cases, we may process personal information on behalf of and according to the instructions of a third party, such as our advertising partners.
In related news … Facebook
The draft policy is very clear. It was drafted in plain language and it explains to users what happens to the personal information Facebook collects. One of the concerns is more about 3rd parties and what they do with users’ personal information. As the draft policy points out:
We take steps to ensure that others use information that you share on Facebook in a manner consistent with your privacy settings, but we cannot guarantee that they will follow our rules. Read the following section to learn more about how you can protect yourself when you share information with third parties.
The American Civil Liberties Union published a quiz on Facebook that reveals what 3rd parties learn about you when you use 3rd parties applications. It is alarming how the massive amount of personal information users make available on Facebook can be collated and what it can be used for. This doesn’t just affect users who use these applications but extends to their contacts, often without their contacts’ express consent.
It is essential that users pay careful attention to their privacy settings on Facebook because these settings apparently dictate what personal information can be disclosed. Simply creating a complete profile involves disclosing a lot of detailed personal information and the privacy settings are often the only thing standing in the way of total and unwanted disclosure. There has also been talk that even these privacy settings can be disregarded in certain circumstances so even that protection is somewhat limited.
Of course there is also the persistent risk that the safeguards that are in place could be overcome:
Risks inherent in sharing information. Although we allow you to set privacy options that limit access to your information, please be aware that no security measures are perfect or impenetrable. We cannot control the actions of other users with whom you share your information. We cannot guarantee that only authorized persons will view your information. We cannot ensure that information you share on Facebook will not become publicly available. We are not responsible for third party circumvention of any privacy settings or security measures on Facebook. You can reduce these risks by using common sense security practices such as choosing a strong password, using different passwords for different services, and using up to date antivirus software.
The only safe assumption that anyone can make when active on the social Web is to assume that anything you publish online can be made public and then decide from there whether to publish the information in the first place.
There are clear advances in how privacy policies are prepared and communicated to users. Facebook is a pioneer in developing plain language and interactive legal frameworks even though there are real concerns about the sanctity of personal information disclosed to Facebook and its partners.
On the other hand, Google has taken some significant steps in improving not just how transparent it is about what personal information it collects from its users but also how users can take their data out of the Google ecosystem and migrate to other services. This latter area is one in which Facebook is lagging behind considerably, despite its efforts to date to enable data portability.
Of course Google’s transparency doesn’t change the fact that Google does collect a considerable amount of personal information about you and that body of personal information grows as your use of Google’s services increases over time. The same can be said for Facebook and what this means is that privacy on the Web is really less about secrecy and more about the degree of control you have over the personal information that is collected and what is done with it.