Google Dashboard: discover how much Google knows about you

Google announced its Dashboard yesterday as part of its effort to address users’ privacy concerns. The Dashboard gives you an overview of what personal information Google has collected about you through your use of its various services. The Dashboard is not public and you can only access it by signing in to view it. Viewing your Dashboard for the first time can be both disturbing and revealing. The Dashboard shows you details about your email accounts, your YouTube viewing habits and a lot more. Mine even told me what my last recorded location on Latitude was.

Dashboard isn’t about privacy as secrecy but rather about privacy in the sense of being able to discover how much personal information has been collected and how much of that is publicly visible. The Dashboard also contains a variety of links to settings pages where you can modify your privacy settings for the various services you use as well as some guidance how to improve your privacy (as in secrecy).

Google’s privacy policy is the enabling mechanism in terms of which you agree to all of this information being collected. That’s not new and Google isn’t the only company collecting your personal information. Facebook does it and so does virtually every website you visit or have an account with. Not all of them have privacy policies either.

What I find interesting about Dashboard is that it represents a serious effort to be transparent about what Google knows about you. Coupled with Google’s Data Liberation initiative to show you how to get your data out of Google’s services, Google is demonstrating an apparently sincere desire to keep you informed about the privacy implications of using its services.

There is an analogy in South African law. The Promotion of Access to Information Act creates a mechanism whereby you can require a company to disclose the personal information it has about you. Companies above a threshhold are required to publish a manual describing how you go about requesting this information. Google has gone a few steps further and is making this information available to you in alarming detail.

The Register makes a couple good points about Dashboard that adds an important perspective:

Although the Dashboard service goes some way towards answering the question of what Google knows about our lives online, it doesn’t really provide many clues about how Google uses this information. In addition, one thing not included in the run-down is cookie-based data Google collects via its huge online ad-serving business.

Even so, Google Dashboard holds a lot of potentially sensitive data, providing yet another good reason for users to use hard to guess (strong) passwords on their Gmail or other Google accounts.

It isn’t entirely accurate that Google doesn’t tell you what it does with your personal information. Its privacy policy gives a number of insights into what it does with your personal information, although not in much detail:

We offer a number of services that do not require you to register for an account or provide any personal information to us, such as Google Search. In order to provide our full range of services, we may collect the following types of information:

  • Information you provide – When you sign up for a Google Account or other Google service or promotion that requires registration, we ask you for personal information (such as your name, email address and an account password). For certain services, such as our advertising programs, we also request credit card or other payment account information which we maintain in encrypted form on secure servers. We may combine the information you submit under your account with information from other Google services or third parties in order to provide you with a better experience and to improve the quality of our services. For certain services, we may give you the opportunity to opt out of combining such information.
  • Cookies – When you visit Google, we send one or more cookies – a small file containing a string of characters – to your computer or other device that uniquely identifies your browser. We use cookies to improve the quality of our service, including for storing user preferences, improving search results and ad selection, and tracking user trends, such as how people search. Google also uses cookies in its advertising services to help advertisers and publishers serve and manage ads across the web. We may set one or more cookies in your browser when you visit a website, including Google sites that use our advertising cookies, and view or click on an ad supported by Google’s advertising services.
  • Log information – When you access Google services, our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.
  • User communications – When you send email or other communications to Google, we may retain those communications in order to process your inquiries, respond to your requests and improve our services.
  • Affiliated Google Services on other sites – We offer some of our services on or through other web sites. Personal information that you provide to those sites may be sent to Google in order to deliver the service. We process such information under this Privacy Policy. The affiliated sites through which our services are offered may have different privacy practices and we encourage you to read their privacy policies.
  • Gadgets – Google may make available third party applications through its services. The information collected by Google when you enable a gadget or other application is processed under this Privacy Policy. Information collected by the application or gadget provider is governed by their privacy policies.
  • Location data – Google offers location-enabled services, such as Google Maps for mobile. If you use those services, Google may receive information about your actual location (such as GPS signals sent by a mobile device) or information that can be used to approximate a location (such as a cell ID).
  • Links – Google may present links in a format that enables us to keep track of whether these links have been followed. We use this information to improve the quality of our search technology, customized content and advertising. Read more information about links and redirected URLs.
  • Other sites – This Privacy Policy applies to Google services only. We do not exercise control over the sites displayed as search results, sites that include Google applications, products or services, or links from within our various services. These other sites may place their own cookies or other files on your computer, collect data or solicit personal information from you.

Google only processes personal information for the purposes described in this Privacy Policy and/or the supplementary privacy notices for specific services. In addition to the above, such purposes include:

  • Providing our services, including the display of customized content and advertising;
  • Auditing, research and analysis in order to maintain, protect and improve our services;
  • Ensuring the technical functioning of our network;
  • Protecting the rights or property of Google or our users; and
  • Developing new services.

You can find more information about how we process personal information by referring to the supplementary privacy notices for particular services.

Google processes personal information on our servers in the United States of America and in other countries. In some cases, we process personal information on a server outside your own country. We may process personal information to provide our own services. In some cases, we may process personal information on behalf of and according to the instructions of a third party, such as our advertising partners.

In related news … Facebook

facebook_64.pngFacebook published an updated privacy policy that is even clearer about what personal information Facebook collects and what it does with that personal information. The draft policy was published for comment just over a week ago in accordance with Facebook’s new comment and voting process it implemented with its revamped legal framework a while ago. The new process requires that a certain number of votes be received before users can influence the adoption of a new policy framework in a meaningful way. Short of that it is up to Facebook to collate comments and incorporate them at will.

The draft policy is very clear. It was drafted in plain language and it explains to users what happens to the personal information Facebook collects. One of the concerns is more about 3rd parties and what they do with users’ personal information. As the draft policy points out:

We take steps to ensure that others use information that you share on Facebook in a manner consistent with your privacy settings, but we cannot guarantee that they will follow our rules. Read the following section to learn more about how you can protect yourself when you share information with third parties.

The American Civil Liberties Union published a quiz on Facebook that reveals what 3rd parties learn about you when you use 3rd parties applications. It is alarming how the massive amount of personal information users make available on Facebook can be collated and what it can be used for. This doesn’t just affect users who use these applications but extends to their contacts, often without their contacts’ express consent.

It is essential that users pay careful attention to their privacy settings on Facebook because these settings apparently dictate what personal information can be disclosed. Simply creating a complete profile involves disclosing a lot of detailed personal information and the privacy settings are often the only thing standing in the way of total and unwanted disclosure. There has also been talk that even these privacy settings can be disregarded in certain circumstances so even that protection is somewhat limited.

Of course there is also the persistent risk that the safeguards that are in place could be overcome:

Risks inherent in sharing information. Although we allow you to set privacy options that limit access to your information, please be aware that no security measures are perfect or impenetrable. We cannot control the actions of other users with whom you share your information. We cannot guarantee that only authorized persons will view your information. We cannot ensure that information you share on Facebook will not become publicly available. We are not responsible for third party circumvention of any privacy settings or security measures on Facebook. You can reduce these risks by using common sense security practices such as choosing a strong password, using different passwords for different services, and using up to date antivirus software.

The only safe assumption that anyone can make when active on the social Web is to assume that anything you publish online can be made public and then decide from there whether to publish the information in the first place.

The point

There are clear advances in how privacy policies are prepared and communicated to users. Facebook is a pioneer in developing plain language and interactive legal frameworks even though there are real concerns about the sanctity of personal information disclosed to Facebook and its partners.

On the other hand, Google has taken some significant steps in improving not just how transparent it is about what personal information it collects from its users but also how users can take their data out of the Google ecosystem and migrate to other services. This latter area is one in which Facebook is lagging behind considerably, despite its efforts to date to enable data portability.

Of course Google’s transparency doesn’t change the fact that Google does collect a considerable amount of personal information about you and that body of personal information grows as your use of Google’s services increases over time. The same can be said for Facebook and what this means is that privacy on the Web is really less about secrecy and more about the degree of control you have over the personal information that is collected and what is done with it.

Published by Paul Jacobson

Enthusiast, writer, Happiness Engineer at @automattic. I take photos too. Passionate about my wife, Gina and #proudDad.

%d bloggers like this: