Sunday, June 10, 2007

Google, Hostile to Privacy?

Privacy International, a London-based organization focused on privacy intrusions by government and businesses, released a report (detailed in this PDF) that analyzed the privacy practices of 22 Internet companies. Google received the lowest mark, followed by Yahoo, Windows Live Spaces, Hi5, Apple and AOL. Here are some of the reasons why Google was declared "hostile to privacy":

* IP addresses are not considered personal information. They do not believe that they collect sensitive information.

* Vague, incomplete and possibly deceptive privacy policy. Document fails to explain detailed data processing elements or information flows.

* Generally poor track record of responding to customer complaints. Ambivalent attitude to privacy challenges (for example, complaints to EU privacy regulators over Gmail). Privacy mandate is not embedded throughout the company. Techniques and technologies frequently rolled out without adequate public consultation (e.g. Street level view).

* Will utilise Doubleclick's "Dynamic Advertising Reporting & Targeting" (DART) advanced profiling system.

* Google account holders that regularly use even a few of Google's services must accept that the company retains a large quantity of information about that user, often for an unstated or indefinite length of time, without clear limitation on subsequent use or disclosure, and without an opportunity to delete or withdraw personal data even if the user wishes to terminate the service.

* Google maintains records of all search strings and the associated IP-addresses and time stamps for at least 18 to 24 months and does not provide users with an expungement option. While it is true that many US based companies have not yet established a time frame for retention, there is a prevailing view amongst privacy experts that 18 to 24 months is unacceptable, and possibly unlawful in many parts of the world.

* Google has access to additional personal information, including hobbies, employment, address, and phone number, contained within user profiles in Orkut. Google often maintains these records even after a user has deleted his profile or removed information from Orkut.

* Google collects all search results entered through Google Toolbar and identifies all Google Toolbar users with a unique cookie that allows Google to track the user's web movement. Google does not indicate how long the information collected through Google Toolbar is retained, nor does it offer users a data expungement option in connection with the service.

* Google logs search queries in a manner that makes them personally identifiable but fails to provide users with the ability to edit or otherwise expunge records of their previous searches.

* Google fails to give users access to log information generated through their interaction with Google Maps, Google Video, Google Talk, Google Reader, Blogger and other services.

The report concludes that "the current frenzy to capture ad space revenue through the exploitation of new technologies and tools will result in one of the greatest privacy challenges in recent decades."

Google's reaction to this report? "We are disappointed with Privacy International's report, which is based on numerous inaccuracies and misunderstandings about our services. It's a shame that Privacy International decided to publish its report before we had an opportunity to discuss our privacy practices with them."

I think Google's main problem is that they make the privacy issues very visible and attract a lot of attention. For example, Google Toolbar has a very scary dialog that asks you read some information before deciding if you want to enable the PageRank feature, but fails to explain too much.


Privacy continues to be the Achilles' heel of Google, even though they didn't release millions of search queries that contained personal information (like AOL) or sent people to jail (like Yahoo).

No comments:

Post a Comment