Google’s new privacy policy: much ado about very little

Google’s recent privacy policy update has caused great consternation. Some commentators have expressed concern about the new policy’s compliance with various privacy law frameworks (particularly the EU’s data protection laws); the aggregation of users’ personal information and others have made ridiculous claims about the policy being the “end of privacy as we know it“. We took a close look at the new privacy policy, what has changed from October’s version and what this really means for users. It turns out much of the fuss is uninformed, sensationalist and unjustified.

One Privacy Policy to Rule Them All

Essentially Google has taken a number of privacy policies spread across multiple services and consolidated them into a single privacy policy that covers personal information processing across all Google services. This isn’t as simple as it sounds and its benefits are not immediately apparent. One of the disadvantages of having multiple privacy policies governing multiple services is that you can’t be sure that your personal information will be handled consistently from service to service or even that all of the policies process your personal information in a way that doesn’t prejudice you unreasonably. This also potentially means diminished transparency, less informed consent and greater uncertainty – all less than desirable features of a document of such importance. With a unified policy users have greater certainty as to what personal information Google is collecting and what it is doing with that personal information. To add to this, the new privacy policy continues Google’s practice of writing very clear and plain policies (when I am looking for inspiration for legal terms, I often look to Google’s terms for their clarity and emphasis on good, plain language).

Another thing Google does it publish comparisons between policy versions. This is part of the comparison between the October 2011 version and the March 2012 version:

Privacy Policy – Policies & Principles

Google does a terrific job purely from the perspective of transparency. Users are advised in advance what changes are going to be made and are shown not only the new policy document but also the changes from one version to the next. This behaviour doesn’t receive enough attention. Not many companies go to such lengths to be so transparent about these sorts of changes.

Positive Changes

The policy, for the most part, doesn’t change the privacy framework under the previous model. Users haven’t lost control over their personal information and haven’t been forced to be more public than they may wish to be. This approach largely fell away a couple years after the Facebook privacy debacles. In the last year or so Google, Facebook and other services have been more careful with users’ personal information and their privacy policies reflect this.

The new policy clarifies how users can “make meaningful choices about how” Google uses their personal information. Users have a couple of options available should they wish to access and review personal information Google holds; adjust their ad preferences; control who they share their personal information with and even if they choose to export their personal information from Google’s services. The new policy also states that browsers can be set to block or moderate cookies but cautions about diminished functionality in its services if users choose to do so (this is the incentive for users not to moderate cookies).

A change I found very interesting is this sentence:

We will not combine DoubleClick cookie information with personally identifiable information unless we have your opt-in consent.

Previously the privacy policy allowed for personal information on an opt-out basis:

Google uses the DoubleClick advertising cookie on AdSense partner sites and certain Google services to help advertisers and publishers serve and manage ads across the web. You can view and manage your ads preferences associated with this cookie by accessing the Ads Preferences Manager. In addition, you may choose to opt out of the DoubleClick cookie at any time by using DoubleClick’s opt-out cookie.

Why People Are Concerned

The primary reason most commentators seem to be concerned about the new privacy policy is the following clauses:

We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect Google and our users. We also use this information to offer you tailored content – like giving you more relevant search results and ads.

We may use the name you provide for your Google Profile across all of the services we offer that require a Google Account. In addition, we may replace past names associated with your Google Account so that you are represented consistently across all our services. If other users already have your email, or other information that identifies you, we may show them your publicly visible Google Profile information, such as your name and photo.

We may combine personal information from one service with information, including personal information, from other Google services – for example to make it easier to share things with people you know. We will not combine DoubleClick cookie information with personally identifiable information unless we have your opt-in consent.

We will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy.

Essentially Google is consolidating the personal information it has from its users across its various services into a more complete, useful and valuable database. Previous the various privacy frameworks and notionally distinct services meant that a user could have varying exposure to personalised ads and to personal information processing. Under the more consolidated model, users can be more readily and more accurately profiled and better targeted with ads. Their experience of Google’s services can also be improved where data can be shared across services (another reason for the change) to enhance users’ general Google experience.

This change reflects increasing integration of Google’s services into a more cohesive set of services not dissimilar to Facebook which has always been regarded as a single, multi-faceted service but one which permits personal information published through one aspect of the service to be used with other aspects of the Facebook service as well as to better target ads.

Some of the clauses are mixed bags. This next clause makes an important point that sensitive personal information won’t be associated with cookies and then glosses over the implications of those cookies and other technologies like pixel tags by explaining their value in setting the correct language preferences:

We use information collected from cookies and other technologies, like pixel tags, to improve your user experience and the overall quality of our services. For example, by saving your language preferences, we’ll be able to have our services appear in the language you prefer. When showing you tailored ads, we will not associate a cookie or anonymous identifier with sensitive categories, such as those based on race, religion, sexual orientation or health.

Google has been viewed with suspicion for some time now due to its size and presence in our daily lives. There is no question that Google uses personal information to personalise its ads and users’ experience of many of its services. That said, Google works to be more transparent about its disclosure of personal information to governments (one of the times Google will hand over your personal information is in response to a valid and legally binding request from a government). Contrary to the article in a recent issue of the Star titled, “Big Brother has nothing on Google” (this article is largely a series of exaggerations, some of which are factually questionable), the new policy does not give Google carte blanche to sell user data at will. The policy is fairly clear on this point:

Information we share

We do not share personal information with companies, organizations and individuals outside of Google unless one of the following circumstances apply:

  • With your consent

    We will share personal information with companies, organizations or individuals outside of Google when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.

  • With domain administrators

    If your Google Account is managed for you by a domain administrator (for example, for Google Apps users) then your domain administrator and resellers who provide user support to your organization will have access to your Google Account information (including your email and other data). Your domain administrator may be able to:

    • view statistics regarding your account, like statistics regarding applications you install.
    • change your account password.
    • suspend or terminate your account access.
    • access or retain information stored as part of your account.
    • receive your account information in order to satisfy applicable law, regulation, legal process or enforceable governmental request.
    • restrict your ability to delete or edit information or privacy settings.

    Please refer to your domain administrator’s privacy policy for more information.

  • For external processing

    We provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.

  • For legal reasons

    We will share personal information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

    • meet any applicable law, regulation, legal process or enforceable governmental request.
    • enforce applicable Terms of Service, including investigation of potential violations.
    • detect, prevent, or otherwise address fraud, security or technical issues.
    • protect against harm to the rights, property or safety of Google, our users or the public as required or permitted by law.

We may share aggregated, non-personally identifiable information publicly and with our partners – like publishers, advertisers or connected sites. For example, we may share information publicly to show trends about the general use of our services.

If Google is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.

While Google has given itself the ability to exchange your personal information across its services for various reasons, it does not mention selling users’ personal information to 3rd party advertisers. If anything, the policy wording tends to rule that out subject to Google’s ability to disclose your personal information for those sorts of purposes if you consent to it or if the person administering the domain your Google account forms part of does something similar (Google leaves it up to those administrators to develop their own privacy framework).


Many commentators criticise Google and other companies, ostensibly on the mistaken assumption that they are entitled to a particular range of services or to be subject to terms and conditions or privacy policies they find more favourable. This is a flawed assumption. Google is a “for profit” company and, at the same time, it makes a concerted effort to strike a balance between its commercial interests and its users’. The outcomes of that effort include clearly written policies which inform users what happens to their personal information from the time they submit it to Google. The document’s clarity means that users are more likely to understand it and its implications and give their informed consent to Google. That is what a privacy policy should strive for.

In addition, this policy does not make further inroads into user privacy. The general exception is the extent to which aggregating personal information across Google’s services impacts on user privacy more extensively.

Google has also given users the tools to control their personal information fairly effectively by removing it, blocking its collection or correcting it. I say “fairly” because the policy also mentions that users have control over “many” of Google’s services, not all of them.

Ultimately personal information is the price users pay to use Google’s (and other) services and while the choice to use other services often isn’t as appealing, it remains an option. Users also have tools independent of Google to help protect their privacy. One such tool is alternative browsers like Firefox which includes various settings to help protect users’ privacy. Even Google’s Chrome gives users the ability to better control their personal information.

Much of the new policy is a clarification of the previous version with paragraphs being restructured or otherwise amended to improve them from a usability perspective. All the hype and fuss about the privacy policy seems to be mostly bluster and much ado about very little after all.

Update: I found out about this great video on This Week in Law 147 which presents a great perspective on the policy changes:

Nastassja de la Guerre helped out with a more detailed comparison between the October 2011 and March 2012 versions and an assessment of the impact of those changes. Nastassja is a candidate attorney at Jacobson Attorneys.

Published by Paul Jacobson

Enthusiast, writer, Happiness Engineer at @automattic. I take photos too. Passionate about my wife, Gina and #proudDad.

%d bloggers like this: