January 28, 2012

Google's Privacy Policy Changes: Revolution? Evolution? Or Confusion?

In the mere four days since Google announced significant changes to their privacy policies and terms of service (with a follow-up posting a couple of days later), the Net has been abuzz with associated criticisms and discussions.

I had hoped to at least let the dust settle on this a bit before chiming in, but when I saw an article yesterday comparing Google's changes with the creation of the humanity crushing "Skynet" from the "Terminator" movies, I figured perhaps a few words might be relevant sooner rather than later.

Google bundled a lot into a single announcement, and has emphasized the importance of the changes with prominent notes around their sites and via email notifications to Google account holders. They obviously did this in an effort to assure maximum transparency, but I believe they may have erred a bit by assuming most users had sufficient historical perspective to put the changes into a realistic context.

The result has been quite a bit of confusion and emotional reactions, much of which seems not grounded in reality.

Still, the changes are significant. Let's explore the landscape a bit and then you can draw your own conclusions.

We begin with that historical perspective I mentioned.

What is Google to most users?

Is it a service? A set of disparate services? A collection of related services?

We all know that Google began as a search engine. You dropped in search queries and got results back. You didn't need an account to use it. And obviously, it's also still free to use -- you don't need to login or have an account to use Google Search today, either.

Over time, other services joined under the Google banner. YouTube was an acquisition, and operated for quite a while with a unique account system completely different from the evolving Google Accounts structure. You could always view YouTube videos for free without an account, and you still can for the vast majority of YouTube vids.

Other free Google services appeared gradually, some needing accounts, some not. Google News, Gmail, Google Docs, Google Profiles, Google+, and so on.

For services that need accounts, like Gmail and Google+, there are differing identity characteristics. Gmail doesn't require the use of person-linked profiles. You can create multiple free Gmail accounts under various names, and as long as you're conducting yourself legally, you're good to go with a variety of different Gmail "personas" if you wish.

Google+ is by its nature more linked to individual identities -- that is, more of a one to one mapping with actual people (though Google+ Pages do provide a means to effectively create alternative identities even in that more individual-centric environment).

One upshot of this evolving set of Google services is obvious -- they have traditionally felt much more like completely separate entities than a unified Google experience per se. Even when you have a Google account (or accounts) -- which would seem to be the logical units for data management and sharing -- the handling of that data even within a single account has varied between services.

The complexities of this situation are illustrated by the more than 70 different privacy policies that have existed for the range of Google products and services. That's a lot of privacy policies.

It's not surprising then that many Google users have not had a clear idea, and in many cases have misunderstood, how their data is being handled by Google, despite Google's continuing evolution of user information and control tools such as their Privacy and Ad Preferences Dashboards.

Now compare this situation with Facebook, which was founded some years later than Google.

Facebook is seen largely as a single service, with its various functionalities usually viewed not in isolation but as parts of a comparatively unified whole. Even though some of these capabilities are similar to those of Google (e.g. video upload and playback in a manner somewhat akin to YouTube), the "unified" structure of Facebook tends to avoid questions of data sharing within a Facebook account. This despite the fact that at least theoretically users have far less flexibility in creating Facebook accounts than Google accounts, and far more functions require login for access on Facebook as opposed to with Google.

It's been obvious for some time that Google wants to move toward a more unified services structure itself. Social applications pretty much require this to provide a useful environment for participants, and there are many other benefits both to users and the services providers.

In an appropriately implemented unified system, users are able to easily both understand and control what information they share with others, without having to manage an array of disparate policies and environments. Service providers benefit from being able to provide more relevant ads for free services on an account basis, rather than on a fragmented service basis. And these are the ads that -- whether you like it or not -- are critical to keeping these services free for the vast majority of users like you and me.

So with all this in mind, what is it that Google is actually changing in their privacy policies and terms, and just as importantly, what aren't they altering?

They're distilling down those 70+ privacy polices to just a few, and working to make them more easily understandable. This is largely noncontroversial -- simplicity rather than complexity in such documents is almost always a big win for everyone involved (at least if you're not a lawyer, and often even then!)

And (here comes the controversial part) Google will be using collected data
across Google Account related services for the provision of ads and the like,
instead of restricting that data to individual service "silos" within individual Google accounts.

Now, what isn't happening with these policy and terms updates, as I understand them:

Is Google collecting more data regarding your activities as a result of these changes? NO.

Is Google sharing your data with other users or third parties as a result of these changes? NO.

Are Enterprise (paying) customers affected by these changes? NO.

Is Google changing the way they handle your Google Account data vis-à-vis data related to third-party sites running services such as Google Analytics or DoubleClick? NO.

Is Google requiring you to login to use more services? NO.

Does the new cross-services data sharing policy have any impact on you when you're not logged-in? NO.

Is your information shared between separate Google Accounts that you may have created for different Google services? NO.

Will you be prevented from creating separate Google Accounts for different Google services? NO.

- - -

So what does the new data sharing policy really mean? Well, for example, if you're logged into the same Google Account for Search and YouTube, you might see ads in one based on searches in the other (with these ads in general impacted by your settings in the Ad Preferences dashboard, which allows a great deal of control over all this, including choosing not to receive customized ads at all).

The irony is that many persons have apparently assumed that this kind of sharing was already the case when they were logged into a single Google account for different services. It seems completely logical and useful for ad preferences and customizations to be shared across services when using the same Google account. After all, you're the same person, and your data is being handled only by Google, not being shared with third parties.

But there are people who prefer the historical compartmenting of data between services, despite what we could call the "natural sharing" characteristics of a single account in the generic sense.

As we've noted, you can still use Google Search and more without logging in. You can create multiple accounts and associate different accounts with different Google services. You can easily use Google's "Data Liberation" system to download messages and documents from Google services to move them to other Google accounts, or to outside services entirely. By combining various browser add-ons with Google's existing fast account switch commands, you can make the process of using different Google accounts with different services essentially as automated as you wish.

This sort of flexibility seems in considerable contrast to the sorts of situations we face in other aspects of lives, such as with banks and credit card companies who usually share far more information about our activities (especially to third parties) than do most major online services, and provide far fewer options for user control.

Of course ultimately the decisions about what services you wish to use -- both online and offline -- are up to you. Reasonable persons can have differing opinions and can disagree regarding the value, importance, and impacts of changes in privacy, terms of service, or various other aspects of services in cyberspace or the brick and mortar world.

But I do think it's crucial to at least start from a foundation of facts, not hyperbole, and with an appropriate sense of not only where we are, but where we've been as well.

Interesting times, indeed.

--Lauren--

Posted by Lauren at January 28, 2012 12:03 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein