Is Google’s New “Store Sales Measurement” System a Privacy Risk?

Within hours of Google announcing their new “Store Sales Measurement” system, my inbox began filling with concerned queries. I held off responding on this until I could get additional information directly from Google. With that now in hand I feel comfortable in addressing this issue.

Executive Summary: I don’t see any realistic privacy problems with this new Google system.

In a nutshell, this program — similar in some respects to a program that Facebook has been operating for some time — provides data to advertisers that helps them determine the efficacy of their ads displayed via Google when purchases are not made online.

The crux of the problem is that an advertiser can usually determine when there are clicks on ads that ultimately convert to online purchases via those ads. But if ads are clicked and then purchases are made in stores, that information is routinely lost.

Our perception of advertising has always been complex — to call it love/hate would be a gross understatement. But the reality is that all of this stuff we use online has to be paid for somehow, even though we’ve come to expect most of it to be free of direct charges.

And with the rise of ad blockers, advertisers are more concerned than ever that their ads are relevant and effective (and all else being equal, studies show that most of us prefer relevant ads to random ones).

Making this even more complicated is that the whole area of ad personalization is rife with misconceptions.

For example, the utterly false belief that Google sells the personal information of their users to advertisers continues to be widespread. But in fact, Google ad personalization takes place without providing any personal data to advertisers at all, and Google gives users essentially complete control over ad personalization (including the ability to disable it completely), via their comprehensive settings at:

Google’s new Store Sales Measurement system operates without Google obtaining individual users’ personal purchasing data. The system is double-blind and deals only with aggregated information about the value of total purchases. Google doesn’t learn who made a purchase, what was purchased, or the individual purchase prices. 

Even though this system doesn’t involve sharing of individual users’ personal data, an obvious question I’ve been asked many times over the last couple of days is: “Where did I give permission for my purchase data to be involved in a program like this at all, even if it’s only in aggregated and unidentified forms?”

Frankly, that’s a question for the bank or other financial institution that issues your credit or debit card — they’re the ones that have written their own foundational privacy policies. 

But my sense is that Google has bent over backwards to deploy their new system with additional layers of user privacy protections that go far beyond the typical privacy policies of those institutions themselves.

My bottom line on all this is that, yeah, I understand why many persons are feeling a bit nervous about this kind of system. But in the real world, we still need advertising to keep the Web going, and when a firm has jumped through the hoops as Google has done to increase the value of their advertising without negatively impacting user privacy in the process, I really don’t have any privacy or other associated concerns.

I only wish that all firms showed this degree of diligence.

Don’t hold your breath waiting for that.

