Privacy 2.0: What’s missing from Google’s new privacy principles?
 Google: Skynet? |
In honor of International Data Privacy Day, Google just released a list of five “Privacy Principles.” Google said it will implement the following ideals when creating new products and services:
- Use information to provide our users with valuable products and services.
- Develop products that reflect strong privacy standards and practices.
- Make the collection of personal information transparent.
- Give users meaningful choices to protect their privacy.
- Be a responsible steward of the information we hold.
These are important principles and they are a great start for a company that collects as much data as Google does.
But these five principles are focused on Google’s own use of data. It is a “Web 1.0″ model of privacy, where all of the concern is focused on how Google itself uses the data it collects. Call it a commitment to “Privacy 1.0.”
One important concept is missing entirely from Google’s list: social privacy.
We live in a Web 2.0 world. Data flows through Google in a million ways: through search, through Blogspot, through YouTube, and more. Even if Google promises to not use any of this data itself, thousands of other people can. A video of you hosted on YouTube and found through a Google search can have a far greater impact on your privacy than Google’s use of contextual advertising to serve you ads about suntan lotion when you search for “Bermuda.” Think about it: do you care more about contextual advertising, or a video of you that comes up for any Google search for your name? But Google’s privacy principles do not address this at all: they are entirely focused on Google.
In other words, even if Google promises that it will not misuse data, that does not mean that Google is respecting your privacy. Google is part of a larger privacy ecosystem. In fact, Google is perhaps the largest and most powerful part of the Internet’s privacy ecosystem. Google’s products (search, Blogger, YouTube, and more) connect more people to more information than any other company in history. It is crucial that Google recognize its role as the central connection in a massive data ecosystem. If Google creates a system that allows other people to violate your privacy, Google is complicit.
Take just a few examples that Google’s privacy principles do not even consider. Each of these has significant privacy implications:
- If the first result for a search for your name is a site with your home address and phone number
- If the first result for a search for your name was a site that displayed your medical history, HIV/AIDS status, sexual orientation, or other private information
- If the first result for a search for your name was a “hidden camera” video of you
- If someone else created a blog about you through Google’s BlogSpot service that listed everything you did every day
- If someone else posted a video of you on YouTube that contained false and defamatory lies
- If a health insurer uses Google to search for your name near “cancer”, “diabetes” and “overweight” before denying you coverage
- If an employer uses Google to search for what you are doing in your off-hours and finds that you are politically active in a way that disagrees with the boss
People can disagree about what Google’s obligation is to address each of those situations. But Google’s current privacy principles don’t admit that these are important questions, let alone address this social side of privacy. Call this new form of privacy, “Privacy 2.0“–the concern that your information will be misused by “300 million little brothers” rather than Orwell’s Big Brother. We’ve previously discussed the same principle as applied to Facebook: the concern is not that Facebook itself will violate your privacy, but rather that Facebook will empower other people to violate your privacy.
Google’s “privacy principles” are entirely focused on the old view of privacy, when the biggest fear was that Google itself would violate your privacy. It’s easy to protect your privacy from Google that way: just don’t use Google.
But in the Web 2.0 world, it is time for Google to accept that its privacy choices have impacts that go well beyond its corporate use of data. Google can create a system that allows users to protect their privacy from others. As the largest and most important information provider, Google has an obligation to at least consider these privacy implications. Its “privacy principles” don’t appear to even admit that its privacy practices affect a lot more than just its internal data use. It’s time for Google to catch up with Privacy 2.0.
