Google has attracted a lot of criticism for
the changes in its privacy policy that it introduced at the start of the month.
So, asks Simon Brew, what’s the problem?
Google, in hindsight, might just be
regretting that decision to work under an initial guiding mantra of ‘don’t be
evil’, as it famously did when it first set out. Appreciating that it’s easier
not to be evil when you’re just starting out an by nature a much smaller
company, the press that the company has attracted over the past few years has
been in stark contrast to its stated aim. From rows over the censorship of
material in China, though to the privacy questions increasingly asked in
relation to Google’s growing collecting of services, concerns have been raised
over just how much power and influence Google has.
Not that you have to look far for the
question: ‘a lot’, seems to be the current consensus. Think of everything you
type into a Google product, and consider what that says about you. Then
remember that it’s more than likely all held on a very big server somewhere.
Then try not to panic.
Google,
privacy & you
Fear
‘If
you take it at face value, Google’s intention, at heart, was welcome.’
Most of the fears that people have are
centred around, it should be said, what Google could do, given the large
amounts of data it holds about our web habits, as opposed to what it is doing.
It’s hardly spotless in the way in goes about targeting advertising around us,
using our web behaviour to hit us with more relevant ads, whether we’re
browsing search results or checking our e-mail. But there’s a strong argument
nonetheless that the noise generated by its actions is far more impactful than
what’s actually being shouted about. That notwithstanding, there are real,
growing fears about Google, and its latest actions have thrown those fears into
sharp focus.
If you’re a regular user of Google
services, as most of us are, then you’ll have been nagged a little over the
past month or two. Well, perhaps nagged quite a lot. You’ll have seen messages
from Google when you’re logged into services such as Gmail, or Google Calendar,
or YouTube. Those messages talk about the changes to privacy settings that are
going to affect you, and Google has been trying very hard to persuade lots of
people to read them.
Most of us don’t read them, of course, not
least because whenever we head towards terms and conditions, we rarely find
anything written in a language that’s possible for most to understand. Legalese
is a tongue all of its own, and the idea of wading through page after page of
the stuff is hardly something to get you excited. Google knows this, of course,
but it has to be seen to be trying, and it’s been commended for doing so.
In this instance, if you take it at face
value, Google’s intention, at heart, was a welcome one. Such is the range of
services that it offers and operates, it wanted to streamline the privacy
policies for them into one consolidated document. Thus, instead of having to be
aware of umpteen policies, its users need only concern themselves with one.
This affected over 70 of its services, and
in its simplest terms, would seem to be a welcome step forward in simplicity.
But then that’s face value for you, because what the changes have, in theory,
allowed Google to do, is to take data collected in one of its services and use
it in another. We’ll come to that in a bit more detail shortly.
What’s changed?
Before that, there’s something we should be
straight about from the start. One thing that’s been lost in the furore over
Google’s latest changes is this: it doesn’t involve collecting anything over
and above the material that Google already gathers at the moment (although, to
be fair, it does gather an awful lot). It doesn’t suddenly want to know your
inside leg measurement (although there’s a chance it may know that already, we
say only half-jokingly. If you’ve ever typed your inside leg measurement into a
search engine, then it may well have that information on a server somewhere).
This is about what it wants to do with the data it already collects, rather
than trying to get hold of any more.
The difference, and it’s a crucial one, is
in how it’s organised, and across how many services Google can use it. Whereas
before, for 70 or so individual services to use your information, you had to
enter it 70 different times, now Google only needs to get hold of it once.
Thus, whereas before, for example, Gmail
and YouTube both collected information about you, and stored it, those two
services worked independently of one another. User information was held in
different locations, and what you did on one service had no ramification on the
other.
With the new changes, things will be
different, and from Google’s point of view, it’s arguing that a union of its
service policies will better serve end users. So if you’re regularly watching
videos of football matches on YouTube, for example, it can alter the targeted
ads in your Gmail account accordingly. Perhaps more helpfully, if you regularly
e-mail somebody using a Google service, and then write their name as part of a
Google Docs file, then Google will be able to check that the spelling is
correct. Or if you search for a word with two meanings, then, over time, Google
will learn which is the more appropriate to you. It’s little features like that
which Google is keen to promote.
The benefits
As for the
privacy policy itself, Google’s argument is that this is more straightforward
for end users too. On its special YouTube video to promote the changes, Google boasts
of ‘fewer words, simpler explanations, and less legal gloop to wade through’.
It makes the whole, as a result, ‘more consistent’, and ‘easier to understand’.
Google account setting
The
introductory YouTube clip it’s put together, and no doubt it picks up that
you’ve watched it, is keen to sell more of those further benefits. So, for
example, by unifying data across its services, Google argues that I can detect
when you’re running late for an appointment, and warn you. It does this by
cross-checking your calendar, the time and your current location. That’s the
kind of feature that one person will find useful, and another may regard as a
bit more sinister, certainly. But at least it’s possible to see a tangible
advantage to it. Best not to use it if you’ve seen too many episodes of 24,
though.
However, to
say all this is a gesture of pure benevolence by Google would clearly be false.
Pundits are already suggesting that the extra ammunition that these changes
give to the Google advertising model could be worth billions of dollars in
extra revenue. That would certainly make the hassle that the firm is going
through now to bring in its changes worth it, and you’d suggest it’s likely to
be the prime motivator. Furthermore, as Google brings in new products and
services, it can just tag them onto the privacy policy as it does so, without
having to go through the process of starting up from scratch each time.
Nevertheless,
even though Google has shown an ability to skate through criticism, it’s still
attracting its fair share over these latest changes.
Criticisms
When Google
does anything of nay prominence, it always attracts criticism, by the very
nature of being a firm of the size that it is. After all, cynicism and
suspicion is hardwired into many, not least the technology press. However, in
this particular case, that criticism seems more vociferous than usual. And for
a few reasons.
The first
is one of timing. What’s been interesting about the way that Google has gone
about its proposed changes in the speed at which the firm has done it, publicly
anyway. You can bet that there was no small measure of work going on behind the
scenes to shape the amalgamated privacy policy into the one that went active on
1st March 2012. But in terms of how long Google gave its userbase time to get
used to the idea? Eight weeks, give or take, from start to finish. That’s a
very short period of time, given the matter in question.
It
introduced the news that it was making major changes to its privacy policy back
in January, urging users to read about it, but not crying too loudly when the
majority elected not to. Even if they did read what it has provided, though,
and digested everything, there was a sense of fait accompli about it. What,
realistically, could a user do? Scrutinise the changes, and then go back and
negotiate? Even if that was in any way feasible, which is evidently isn’t, the
time-scales involved make it impossible.
Google,
then, could simply present a take it or leave it deal. If you wanted a Google
account to use its products and services, as many of us do, then the privacy
changes would become active on 1st March, and there was nothing we could do
about it. Granted, you could use the services without logging in if you wanted
to in some cases (although anonymous browsing is still tracked), but you cut
off a bunch of features if you do so. The proverbial carrot and stick, then.
Anything
introduced at such relative speed fuels suspicion by very definition, but in
the case of what Google did, that suspicion may have had a bit more real
substance to it than originally thought. This is because the second major
criticism that Google is facing is one of law. Is what it did actually legal?
Depending on where you live in the world, you might just get a different
answer.
Speaking to
the BBC at the start of March, the European Union’s justice commissioner,
Viviane Reding, argued that what Google had done was breaching EU law.
Specifically, ‘transparency rules have not been applied’.
Reding told
Radio Four that ‘nobody had been consulted, it is not in accordance with the
law on transparency and it utilises the data of private persons in order to
hand in over to third parties, which is not what the users have agree to’.
Reding had outlined proposed legislation in late January, and Google would not
have been able to do what it had done, had that been in effect. On this
occasion, the timing was very much in Google’s favour.
Meanwhile,
in France, its privacy agency, The National Commission For Computing And Civil
Liberties (known as CNIL), sent a letter to Larry Page. Page is the co-founder
of Google, and its current chief executive, and the letter, while welcoming
Google’s efforts to inform users of the new policy, was generally scathing.
‘Google’s new policy does not meet the requirements of the European Directive
on Data Protection,’ it said in bold text.
Further
down the letter, also in bold text, ‘The CNIL and the EU data protection
authorities are deeply concerned about the combination of personal data across
services: they have strong doubts about the lawfulness and fairness of such
processing, and about its compliance with European Data Protection
legislation.’
The letter
was dated 27th February 2012, and ended with CNIL asking Google to ‘pause until
we have completed our analysis’.
Google
enacted the policy changes, as planned, three days later. Google’s global
privacy counsel, Peter Fleicher, responsed to CNIL, saying that Google is
‘confident that our simple, clear and transparent privacy policy respects all
European data protection laws and principles.’
