Privacy 2.0: What’s missing from Google’s new privacy principles?

Google: Skynet?

In honor of International Data Privacy Day, Google just released a list of five “Privacy Principles.” Google said it will implement the following ideals when creating new products and services:

  • Use information to provide our users with valuable products and services.
  • Develop products that reflect strong privacy standards and practices.
  • Make the collection of personal information transparent.
  • Give users meaningful choices to protect their privacy.
  • Be a responsible steward of the information we hold.

These are important principles and they are a great start for a company that collects as much data as Google does.

But these five principles are focused on Google’s own use of data. It is a “Web 1.0” model of privacy, where all of the concern is focused on how Google itself uses the data it collects. Call it a commitment to “Privacy 1.0.”

One important concept is missing entirely from Google’s list: social privacy.

We live in a Web 2.0 world. Data flows through Google in a million ways: through search, through Blogspot, through YouTube, and more.  Even if Google promises to not use any of this data itself, thousands of other people can.  A video of you hosted on YouTube and found through a Google search can have a far greater impact on your privacy than Google’s use of contextual advertising to serve you ads about suntan lotion when you search for “Bermuda.”  Think about it: do you care more about contextual advertising, or a video of you that comes up for any Google search for your name?  But Google’s privacy principles do not address this at all: they are entirely focused on Google.

In other words, even if Google promises that it will not misuse data, that does not mean that Google is respecting your privacy.  Google is part of a larger privacy ecosystem.  In fact, Google is perhaps the largest and most powerful part of the Internet’s privacy ecosystem.  Google’s products (search, Blogger, YouTube, and more) connect more people to more information than any other company in history.  It is crucial that Google recognize its role as the central connection in a massive data ecosystem.  If Google creates a system that allows other people to violate your privacy, Google is complicit.

Take just a few examples that Google’s privacy principles do not even consider.  Each of these has significant privacy implications:

  • If the first result for a search for your name is a site with your home address and phone number
  • If the first result for a search for your name was a site that displayed your medical history, HIV/AIDS status, sexual orientation, or other private information
  • If the first result for a search for your name was a “hidden camera” video of you
  • If someone else created a blog about you through Google’s BlogSpot service that listed everything you did every day
  • If someone else posted a video of you on YouTube that contained false and defamatory lies
  • If a health insurer uses Google to search for your name near “cancer”, “diabetes” and “overweight” before denying you coverage
  • If an employer uses Google to search for what you are doing in your off-hours and finds that you are politically active in a way that disagrees with the boss

People can disagree about what Google’s obligation is to address each of those situations. But Google’s current privacy principles don’t admit that these are important questions, let alone address this social side of privacy. Call this new form of privacy “Privacy 2.0” – the concern that your information will be misused by “300 million little brothers” rather than Orwell’s Big Brother. We’ve previously discussed the same principle as applied to Facebook: the concern is not that Facebook itself will violate your privacy, but rather that Facebook will empower other people to violate your privacy.

Google’s “privacy principles” are entirely focused on the old view of privacy, when the biggest fear was that Google itself would violate your privacy.  It’s easy to protect your privacy from Google that way: just don’t use Google.

But in the Web 2.0 world, it is time for Google to accept that its privacy choices have impacts that go well beyond its corporate use of data.  Google can create a system that allows users to protect their privacy from others.   As the largest and most important information provider, Google has an obligation to at least consider these privacy implications.  Its “privacy principles” don’t appear to even admit that its privacy practices affect a lot more than just its internal data use.  It’s time for Google to catch up with Privacy 2.0.


6 comments ↓


#4 Max on 01.28.10 at 7:55 am

Are you joking?

Half of your examples would be illegal, and rectified through existing processes. The other half could be fixed by just talking to the content authors.

It is not Google’s job to be sure that everyone looks good in search results.

On the contrary, that would be censorship of their search results, which is exactly the problem people had with them in China.

If you have a problem with what someone is saying or posting about you, don’t tell Google to hide it. Go talk to the author and fix your own problems.


#6 Dave Thompson on 01.28.10 at 11:25 am

Thanks for writing, Max.

First, not all of those are illegal at all. There is a lot of bad stuff online that is still, sadly, legal. Second, even if some of it were technically legal, that wouldn’t help victims one bit because their attackers would have disappeared anonymously into the night.

But the real point isn’t that Google is at fault for any of that. It’s that Google hasn’t even considered the privacy implications of its actions. If an offline business were encouraging illegal and anti-social activity, it would be shut down as a “nuisance” even if it did not engage in any illegal conduct itself. Why do we not hold online businesses to the same standard?

And it’s not about “censorship” of search results (anyway, these problems apply across search, Blogspot, YouTube, etc.). It’s about creating a system where privacy is respected by users of all of its products. Plenty of people have asked Google to allow victims to respond, or to give less weight to anonymous content, or to institute a dispute resolution process, or any of 100 other things that don’t remove things from the search index.
