Select Page

Saira Nayak
Director of Policy | TRUSTe

PrivacyLast week, Google announced that they are consolidating over 60 different privacy policies for various products and services into a single policy that will inform users about how personal data is collected and used across Google’s entire platform.

Their new policy goes into effect March 1, 2012.  At slightly over 2200 words, it’s shorter than the average privacy policy (a 2,464 word average, per TRUSTe 2011 Website Privacy Index), which is admirable for a company with data practices as expansive and complicated as Google.  Their new privacy policy is supplemented by a helpful microsite that explains why they are moving to a single policy format and why they collect personal data. It’s laudable that Google has provided prominent, advance notification of these changes.  They’ve notified account holders via email and have taken the extra step of placing prominent advisory notices of the changes when users log into their accounts.

Google’s move, however, has drawn some negative reactions.  A bipartisan group in Congress wants the FTC to investigate whether the new privacy policy violates Google’s consent decree with the agency (although one would assume that Google has previewed these changes with the FTC).  The two main privacy concerns around these changes are over Google’s decision to unify and leverage user data across all accounts, and around users’ ability to opt-out of targeting. In a blog post, the company pointed out that users could still limit data collection via account-level privacy settings, that many services do not require log-ins (and thus account-level data collection), and that users can create separate accounts to further limit data unification.

Also, let’s not forget that these are free services Google provides (their new privacy policy won’t apply to paid enterprise or government services).  One comment on Google’s blog post reads: “You opt-in when you use the NO COST services they [Google] provide you”. The ultimate opt-out option for Google users opposed to being tracked across the company’s products and services is to stop using their products and services. There are competing products and services for virtually all of Google’s offerings and Google has enabled users to take much of their data with them when switching providers. Those users who want to definitively opt-out still have more than a month to delete their Google accounts and port their data.

Google should be commended for its transparency in this rollout and its commitment to data portability and user control (with tools such as their Ad Preferences Manager).  As Google and its competitors continue to battle it out we will see more innovations to enhance consumer privacy notices and enable user controls. Ultimately, more companies will move to compete on privacy.  At TRUSTe we’re working hard to ensure that our clients have cutting-edge privacy features, from user-friendly privacy notices to behavioral advertising opt-out controls served across billions of online ad impressions.