Privacy concerns with Google
Google's changes to its privacy policy on March 16, 2012, enabled the company to share data across a wide variety of services.[1] These embedded services include millions of third-party websites that use AdSense and Analytics. The policy was widely criticized for creating an environment that discourages Internet innovation by making Internet users more fearful and wary of what they do online.[2]
Around December 2009, after privacy concerns were raised, Google's CEO Eric Schmidt declared: "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place. If you really need that kind of privacy, the reality is that search engines—including Google—do retain this information for some time and it's important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities."[3]
Privacy International has raised concerns regarding the dangers and privacy implications of having a centrally located, widely popular data warehouse of millions of Internet users' searches, and how under controversial existing U.S. law, Google can be forced to hand over all such information to the U.S. government.[4] In its 2007 Consultation Report, Privacy International ranked Google as "Hostile to Privacy", the lowest rating in its report, making Google the only company in the list to receive that ranking.[4][5][6]
At the Techonomy conference in 2010, Eric Schmidt predicted that "true transparency and no anonymity" is the path to take for the Internet: "In a world of asynchronous threats it is too dangerous for there not to be some way to identify you. We need a [verified] name service for people. Governments will demand it." He also said that: "If I look at enough of your messaging and your location, and use artificial intelligence, we can predict where you are going to go. Show us 14 photos of yourself and we can identify who you are. You think you don't have 14 photos of yourself on the internet? You've got Facebook photos!"[7]
In the summer of 2016, Google quietly dropped its ban on personally-identifiable info in its DoubleClick ad service. Google's privacy policy was changed to state it "may" combine web-browsing records obtained through DoubleClick with what the company learns from the use of other Google services. While new users were automatically opted-in, existing users were asked if they wanted to opt-in, and it remains possible to opt-out by going to the "Activity controls" in the "My Account" page of a Google account. ProPublica states that "The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customized to them based on your name and other information Google knows about you. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct." Google contacted ProPublica to correct the fact that it doesn't "currently" use Gmail keywords to target web ads.[8]
Shona Ghosh, a journalist for Business Insider, noted that a digital resistance movement against Google has grown. A major hub where critics of Google organize to abstain from using Google products is the subreddit r/degoogle.[9] The Electronic Frontier Foundation (EFF), a nonprofit organization which deals with civil liberties, has raised concerns regarding privacy issues pertaining to student data after conducting a survey which showed that a majority of parents, students and teachers are concerned that student privacy is being breached.[10] According to the EFF, the Federal Trade Commission has ignored complaints from the public that Google has been harvesting student data and search results even after holding talks with the Department of Education in 2018.[10][3]
Google blocks W3C privacy proposals using its veto power.[11] The W3C decides how the World Wide Web works, and Google vetoed the measure to expand W3C's power within its internet privacy group.[12]
Potential for data disclosure
Cookies
Google places one or more cookies on each user's computer, which are used to track a person's web browsing on a large number of unrelated websites and to track their search history. If a user is logged into a Google service, Google also uses the cookies to record which Google Account is accessing each website and doing each search. Originally the cookie did not expire until 2038, although it could be manually deleted by the user or refused by setting a browser preference.[15] As of 2007, Google's cookie expired in two years, but renewed itself whenever a Google service is used.[15] As of 2011, Google said that it anonymizes the IP address data that it collects after nine months, and the association between cookies and web accesses after 18 months.[16] As of 2016, Google's privacy policy does not promise anything about whether or when its records of users' web browsing or searching are deleted.[16]
The non-profit group Public Information Research launched Google Watch, a website advertised as "a look at Google's monopoly, algorithms, and privacy issues."[17][18] The site raised questions relating to Google's storage of cookies, which in 2007 had a life span of more than 32 years and incorporated a unique ID that enabled creation of a user data log.[15] Google faced criticism with its release of Google Buzz, Google's version of social networking, where Gmail users had their contact lists automatically made public unless they opted out.[19]
Google shares this information with law enforcement and other government agencies upon receiving a request. The majority of these requests do not involve review or approval by any court or judge.[20]
Tracking
Google is suspected of collecting and aggregating data about Internet users through the various tools it provides to developers, such as Google Analytics, Google Play Services, reCAPTCHA, Google Fonts, and Google APIs. This could enable Google to determine a user's route through the Internet by tracking the IP address being used through successive sites (cross-domain web tracking). However, the fourth generation of Google Analytics claims that it drops any IP information from EU users.[21] Linked to other information made available through Google APIs, which are widely used, Google might be able to provide a quite complete web user profile linked to an IP address or user. This kind of data is invaluable for marketing agencies, and for Google itself to increase the efficiency of its own marketing and advertising activities.[22]
Google encourages developers to use their tools and to communicate end-user IP addresses to Google: "Developers are also encouraged to make use of the userip parameter to supply the IP address of the end-user on whose behalf you are making the API request. Doing so will help distinguish this legitimate server-side traffic from traffic which doesn't come from an end-user."[23] ReCAPTCHA uses the google.com domain instead of one specific to ReCAPTCHA. This allows Google to receive any cookies that they have already set for the user, effectively bypassing restrictions on setting third party cookies and allowing traffic correlation with all of Google's other services, which most users use. ReCAPTCHA collects enough information that it could reliably de-anonymize many users that simply wish to prove that they are not a robot.[24]
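Added example, not part of the original article: a site operator can check which resources embedded in a page make visitors' browsers contact Google through the tools named above, and which of those requests go to google.com itself, where existing Google cookies can accompany them. The host-to-tool mapping, the `audit` function and the sample markup are assumptions constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
# (host suffix, path prefix, tool named in the text): assumed, non-exhaustive mapping.
RULES = [
    ("google-analytics.com", "/", "Google Analytics"),
    ("googletagmanager.com", "/gtag/js", "Google Analytics"),
    ("fonts.googleapis.com", "/", "Google Fonts"),
    ("google.com", "/recaptcha/", "reCAPTCHA"),
    ("googleapis.com", "/", "Google APIs"),
]
URL_ATTR = {"script": "src", "img": "src", "iframe": "src", "link": "href"}  # auto-fetched

def on_domain(host, domain):
    return host == domain or host.endswith("." + domain)

class GoogleEmbedAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (tool, host, request_goes_to_google_com)

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(URL_ATTR.get(tag, ""))
        if not url:
            return
        parts = urlparse(urljoin(self.page_url, url))  # resolves relative and // URLs
        host = (parts.hostname or "").lower()
        for domain, prefix, tool in RULES:
            if on_domain(host, domain) and parts.path.startswith(prefix):
                # A request to google.com itself can carry cookies already set there.
                self.findings.append((tool, host, on_domain(host, "google.com")))
                break

def audit(html, page_url):
    parser = GoogleEmbedAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page, not taken from any real site.
SAMPLE = """<head>
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Roboto">
<script async src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE"></script>
<script src="https://www.google.com/recaptcha/api.js"></script>
<script src="//ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js"></script>
<script src="/static/app.js"></script><img src="https://cdn.example.net/logo.png">
</head>"""

if __name__ == "__main__":
    print(*audit(SAMPLE, "https://shop.example/checkout"), sep="\n")
```

Only the reCAPTCHA entry is flagged as going to google.com; self-hosting fonts and libraries removes the other three requests from the page entirely.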
Google has many sites and services, which makes it difficult to track where the information could be viewed online.[25] Following the continuous backlash over aggressive tracking and unknown data retention periods, Google has tried to appeal to a growing number of privacy-conscious people. At Google I/O 2019, it announced plans to limit the data retention period for some of its services, starting with Web and App Activity.[26] Users can select a period between 3 months and 18 months within the Google Account Dashboard. The data retention period limit is disabled by default.
Wi-Fi networks information collection
From 2006 to 2010, Google Streetview camera cars collected about 600 gigabytes of data from users of unencrypted public and private Wi-Fi networks in more than 30 countries. No disclosure or privacy policy was given to those affected, nor to the owners of the Wi-Fi stations.[62]
Google apologized and said that they were "acutely aware that we failed badly here" in terms of privacy protection, that they were not aware of the problem until an inquiry from German regulators was received, that the private data was collected inadvertently, and that none of the private data was used in Google's search engine or other services. A representative of Consumer Watchdog replied, "Once again, Google has demonstrated a lack of concern for privacy. Its computer engineers run amok, push the envelope and gather whatever data they can until their fingers are caught in the cookie jar." In a sign that legal penalties may result, Google said it will not destroy the data until permitted by regulators,[63][64] but then failed to do so in eleven countries.[65]
The Streetview data collection prompted several lawsuits in the United States. The suits were consolidated into one case before a California federal court. Google's motion to have the case dismissed, saying the Wi-Fi communications it captured were "readily accessible to the general public" and therefore not a violation of federal wiretapping laws, was rejected in June 2011 by the U.S. District Court for the Northern District of California and upon appeal in September 2013 by the U.S. Court of Appeals for the Ninth Circuit. The ruling is viewed as a major legal setback for Google and allows the case to move back to the lower court for trial.[66][67][68]
Currently, Google no longer collects Wi-Fi data via Streetview, instead using an Android device's Wi-Fi positioning system. However, it has suggested creating a unified approach for opting out of Wi-Fi-based positioning systems, proposing that the word "nomap" be appended to a wireless access point's SSID to exclude it from Google's WPS database.[69][70]
Google Plus (G+) was launched in late June 2011. The new service gained 20 million members in just a few weeks.[78] At the time of launch, the site's user content and conduct policy stated, "To help fight spam and prevent fake profiles, use the name your friends, family or co-workers usually call you."[79] Starting in July 2011, Google began enforcing this policy by suspending the accounts of those who used pseudonyms.[80][81] Starting in August 2011, Google provided a four-day grace period before enforcing the real name policy and suspending accounts. The four days allowed members time to change their pen name to their real name.[82] The policy extended to new accounts for all of Google's services, including Gmail and YouTube, although accounts existing before the new policy were not required to be updated. In late January 2012, Google began allowing members to use nicknames, maiden names, and other "established" names in addition to their common or real names.[83]
According to Google, the real name policy makes Google more like the real world. People can find each other more easily, like a phone book. The real name policy protects children and young adults from cyber-bullying, as those bullies hide behind pen names.[84] There is considerable use of search engines for "people-searching", attempting to find information on persons by performing a search of their name.[85]
A number of high-profile commentators have publicly criticized Google's policies, including technologists Jamie Zawinski,[86] Kevin Marks,[87] and Robert Scoble[88] and organizations such as the Electronic Frontier Foundation.[89]
Criticisms have been wide-ranging,[90][91][92] for example:
Privacy and data protection cases and issues by country
European Union
European Union (EU) data protection officials (the Article 29 working party who advise the EU on privacy policy) have written to Google asking the company to justify its policy of keeping information on individuals' internet searches for up to two years. The letter questioned whether Google has "fulfilled all the necessary requirements" on the EU laws concerning data protection.[110] On May 31, 2007, Google agreed that its privacy policy was vague, and that they were constantly working at making it clearer to users.[111]
After Google merged its different privacy policies into a single one in March 2012, the working group of all European Union Data Protection Authorities assessed that it failed to comply with the EU legal framework. Several countries then opened cases to investigate possible breach of their privacy rules.[112]
Google has also been implicated in Google Spain v AEPD and Mario Costeja González, a case before the Audiencia Nacional (Spain's national court) and the European Court of Justice, which required Google to comply with the European privacy laws (i.e., the Data Protection Directive) and to allow users to be forgotten when operating in the European Union.[113][114]
Czech Republic
Starting in 2010, after more than five months of unsuccessful negotiations with Google, the Czech Office for Personal Data Protection prevented Street View from taking pictures of new locations. The Office described Google's program as taking pictures "beyond the extent of the ordinary sight from a street", and claimed that it "disproportionately invaded citizens' privacy."[115][116] Google resumed Street View in the Czech Republic in 2012 after having agreed to a number of limitations similar to concessions Google has made in other countries.[117]
DoubleClick ads combined with other Google services
In the summer of 2016, Google quietly dropped its ban on personally-identifiable info in its DoubleClick ad service. Google's privacy policy was changed to state it "may" combine web-browsing records obtained through DoubleClick with what the company learns from the use of other Google services. While new users were automatically opted in, existing users were asked if they wanted to opt in, and it remains possible to opt out in the Activity controls of the My Account page for a Google account. ProPublica stated that "The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customized to them based on your name and other information Google knows about you. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct." Google contacted ProPublica to correct the fact that it didn't "currently" use Gmail keywords to target web ads.[8]