Privacy concerns with Google

Google's changes to its privacy policy on March 16, 2012, enabled the company to share data across a wide variety of services.[1] These embedded services include millions of third-party websites that use AdSense and Analytics. The policy was widely criticized for creating an environment that discourages Internet innovation by making Internet users more fearful and wary of what they do online.[2]

Around December 2009, after privacy concerns were raised, Google's CEO Eric Schmidt declared: "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place. If you really need that kind of privacy, the reality is that search engines—including Google—do retain this information for some time and it's important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities."[3]

Privacy International has raised concerns regarding the dangers and privacy implications of having a centrally located, widely popular data warehouse of millions of Internet users' searches, and how under controversial existing U.S. law, Google can be forced to hand over all such information to the U.S. government.[4] In its 2007 Consultation Report, Privacy International ranked Google as "Hostile to Privacy", its lowest rating on their report, making Google the only company in the list to receive that ranking.[4][5][6]

At the Techonomy conference in 2010, Eric Schmidt predicted that "true transparency and no anonymity" is the path to take for the Internet: "In a world of asynchronous threats it is too dangerous for there not to be some way to identify you. We need a [verified] name service for people. Governments will demand it." He also said that: "If I look at enough of your messaging and your location, and use artificial intelligence, we can predict where you are going to go. Show us 14 photos of yourself and we can identify who you are. You think you don't have 14 photos of yourself on the internet? You've got Facebook photos!"[7]

In the summer of 2016, Google quietly dropped its ban on personally-identifiable info in its DoubleClick ad service. Google's privacy policy was changed to state it "may" combine web-browsing records obtained through DoubleClick with what the company learns from the use of other Google services. While new users were automatically opted-in, existing users were asked if they wanted to opt-in, and it remains possible to opt-out by going to the "Activity controls" in the "My Account" page of a Google account. ProPublica states that "The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customized to them based on your name and other information Google knows about you. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct." Google contacted ProPublica to correct the fact that it doesn't "currently" use Gmail keywords to target web ads.[8]

Shona Ghosh, a journalist for Business Insider, noted that an increasing digital resistance movement against Google has grown. A major hub for critics of Google in order to organize to abstain from using Google products is the Reddit page for the subreddit r/degoogle.[9] The Electronic Frontier Foundation (EFF), a nonprofit organization which deals with civil liberties, has raised concerns regarding privacy issues pertaining to student data after conducting a survey which showed that a majority of parents, students and teachers are concerned that student privacy is being breached.[10] According to the EFF, the Federal Trade Commission has ignored complaints from the public that Google has been harvesting student data and search results even after holding talks with the Department of Education in 2018.[10][3]

Google blocks W3C privacy proposals using their veto power.[11] The W3C decides how the World Wide Web works, and Google vetoed the measure to expand W3C's power within its internet privacy group.[12]

Potential for data disclosure

edit

Data leaks

edit

On March 10, 2009, Google reported that a bug in Google Docs had allowed unintended access to some private documents. It was believed by PCWorld that 0.05% of all documents stored via the service were affected by the bug.[13] Google stated the bug has now been fixed.[14]

Cookies

edit

Google places one or more cookies on each user's computer, which is used to track a person's web browsing on a large number of unrelated websites and track their search history. If a user is logged into a Google service, Google also uses the cookies to record which Google Account is accessing each website and doing each search. Originally the cookie did not expire until 2038, although it could be manually deleted by the user or refused by setting a browser preference.[15] As of 2007, Google's cookie expired in two years, but renewed itself whenever a Google service is used.[15] This also affected the opt-out at Google's Ads Preferences Manager, which meant that users who thought they had opted out were automatically opted back in after visiting a Google service or website, including YouTube.[16] As of 2011, Google said that it anonymizes the IP address data that it collects, after nine months, and the association between cookies and web accesses after 18 months.[17] As of 2016, Google's privacy policy does not promise anything about whether or when its records about the users' web browsing or searching are deleted from its records.[17]

The non-profit group Public Information Research launched Google Watch, a website advertised as "a look at Google's monopoly, algorithms, and privacy issues."[18][19] The site raised questions relating to Google's storage of cookies, which in 2007 had a life span of more than 32 years and incorporated a unique ID that enabled creation of a user data log.[15] Google faced criticism with its release of Google Buzz, Google's version of social networking, where Gmail users had their contact lists automatically made public unless they opted out.[20]

Google shares this information with law enforcement and other government agencies upon receiving a request. The majority of these requests do not involve review or approval by any court or judge.[21]

Tracking

edit

Google is suspected of collecting and aggregating data about Internet users through the various tools it provides to developers, such as Google Analytics, Google Play Services, reCAPTCHA, Google Fonts, and Google APIs. This could enable Google to determine a user's route through the Internet by tracking the IP address being used through successive sites (cross-domain web tracking), However the fourth generation of Google Analytics claims that it drops any IP information from EU users.[22][third-party source needed] Linked to other information made available through Google APIs, which are widely used, Google might be able to provide a quite complete web user profile linked to an IP address or user. This kind of data is invaluable for marketing agencies, and for Google itself to increase the efficiency of its own marketing and advertising activities.[23]

Google encourages developers to use their tools and to communicate end-user IP addresses to Google: "Developers are also encouraged to make use of the userip parameter to supply the IP address of the end-user on whose behalf you are making the API request. Doing so will help distinguish this legitimate server-side traffic from traffic which doesn't come from an end-user."[24] ReCAPTCHA uses the google.com domain instead of one specific to ReCAPTCHA. This allows Google to receive any cookies that they have already set for the user, effectively bypassing restrictions on setting third party cookies and allowing traffic correlation with all of Google's other services, which most users use. ReCAPTCHA collects enough information that it could reliably de-anonymize many users that simply wish to prove that they are not a robot.[25]

Google has many sites and services that makes it difficult to track where the information could be viewed online.[26] Following the continuous backlash over aggressive tracking and unknown data retention periods, Google has tried to appeal to a growing number of privacy conscious people. At Google I/O 2019, it announced plans to limit the data retention period for some of it services, starting with Web and App Activity.[27] Users can select from between 3 months to 18 months within the Google Account Dashboard. The data retention period limit is disabled by default.

Gmail

edit

Steve Ballmer,[28] Liz Figueroa,[29] Mark Rasch,[30] and the editors of Google Watch[31] believe the processing of email message content by Google's Gmail service goes beyond proper use.

Google Inc. claims that mail sent to or from Gmail is never read by a human being other than the account holder, and content that is read by computers is only used to improve the relevance of advertisements and block spam emails.[32] The privacy policies of other popular email services, like Outlook.com and Yahoo, allow users' personal information to be collected and utilized for advertising purposes.[33][34]

In 2004, thirty-one privacy and civil liberties organizations wrote a letter calling upon Google to suspend its Gmail service until the privacy issues were adequately addressed.[35] The letter also called upon Google to clarify its written information policies regarding data retention and data sharing among its business units. The organizations voiced their concerns about Google's plan to scan the text of all incoming messages for the purposes of ad placement, noting that the scanning of confidential email for inserting third party ad content violates the implicit trust of an email service provider.

In 2013, Microsoft launched an advertising campaign to attack Google for scanning email messages, arguing that most Gmail users are not aware that Google monitors their personal messages to deliver targeted ads.[36][37] Microsoft claims that its email service Outlook does not scan the contents of messages and a Microsoft spokesperson called the issue of privacy "Google's kryptonite."[36] Other concerns include the unlimited period for data retention that Google's policies allow, and the potential for unintended secondary uses of the information Gmail collects and stores.[38]

A court filing uncovered by advocacy group Consumer Watchdog in August 2013 revealed that Google stated in a court filing that no "reasonable expectation" exists among Gmail users in regard to the assured confidentiality of their emails. According to the British Newspaper, The Guardian, "Google's court filing was referring to users of other email providers who email Gmail users – and not to the Gmail users themselves".[39] In response to a lawsuit filed in May 2013, Google explained:

... all users of email must necessarily expect that their emails will be subject to automated processing ... Just as a sender of a letter to a business colleague cannot be surprised that the recipient's assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient's ECS [electronic communications service] provider in the course of delivery.[39]

A Google spokesperson stated to the media on August 15, 2013, that the corporation takes the privacy and security concerns of Gmail users "very seriously."[39]

A Federal Judge declined to dissolve a lawsuit made by Gmail users who opposed to the use of analyzing the content of the messenger by selling byproducts.[40]

In 2017, Google stopped personalizing Gmail ads.[41]

CIA and NSA ties

edit

In February 2010, Google was reported to be working on an agreement with the National Security Agency (NSA) to investigate recent attacks against its network. While the deal did not give the NSA access to Google's data on users' searches or e-mail communications and accounts and Google was not sharing proprietary data with the agency, privacy and civil rights advocates were concerned.[42][43]

In October 2004, Google acquired Keyhole, a 3D mapping company. In February 2004, before its acquisition by Google, Keyhole received an investment from In-Q-Tel, the CIA's investment arm.[44] And in July 2010 it was reported that the investment arms of both the CIA (In-Q-Tel) and Google (Google Ventures) were investing in Recorded Future, a company specializing in predictive analytics—monitoring the web in real time and using that information to predict the future. Private corporations have been using similar systems since the 1990s, but the involvement of Google and the CIA, with their large data stores, raised privacy concerns.[45][46]

In 2011, a federal district court judge in the United States turned down a Freedom of Information Act request, submitted by the Electronic Privacy Information Center. In May 2012, a Court of Appeals upheld the ruling. The request attempted to disclose NSA records regarding the 2010 cyber-attack on Google users in China. The NSA stated that revealing such information would make the US Government information systems vulnerable to attack. The NSA refused to confirm or deny the existence of the records, or the existence of any relationship between the NSA and Google.[47]

Leaked NSA documents obtained by The Guardian[48] and The Washington Post[49] in June 2013 included Google on the list of companies that cooperate with the NSA's PRISM surveillance program, which authorizes the government to secretly access data of non-US citizens hosted by American companies without a warrant. Following the leak, government officials acknowledged the existence of the program.[50] According to the leaked documents, the NSA has direct access to servers of those companies, and the amount of data collected through the program had been growing fast in years prior to the leak. Google has denied the existence of any "government backdoor".[51]

Government requests

edit

Google has been criticized both for disclosing too much information to governments too quickly and for not disclosing information that governments need to enforce their laws. In April 2010, Google, for the first time, released details about how often countries around the world ask it to hand over user data or to censor information.[52] Online tools make the updated data available to everyone.[53]

Between July and December 2009, Brazil topped the list for user data requests with 3,663, while the US had made 3,580, the UK 1,166, and India 1,061. Brazil also made the largest number of requests to remove content with 291, followed by Germany with 188, India with 142, and the US with 123. Google, which stopped offering search services in China a month before the data was released, said it could not release information on requests from the Chinese government because such information is regarded as a state secret.[52]

Google's chief legal officer said, "The vast majority of these requests are valid, and the information needed is for legitimate criminal investigations or for the removal of child pornography".[52]

On March 20, 2019, the U.S. Supreme Court risked an 8.5 million settlement which Google formed to fix a lawsuit with the claims of invading their privacy.[54][clarification needed]

Google Chrome

edit

In 2008, Consumer Watchdog produced a video showing how Google Chrome records what a user types into the web address field and sends that information to Google servers to populate search suggestions. The video includes discussion regarding the potential privacy implications of this feature.[55][56][57]

Incognito browsing mode

edit

Google Chrome includes a private browsing feature called "incognito browsing mode" that prevents the browser from permanently storing any browsing or download history information or cookies. Using incognito mode prevents storage of pages visited in the browser's history. However, the individual websites visited can still track and store information about visits. In particular, any searches performed while signed into a Google account will be saved as part of the account's web history.[58] In addition, other programs such as those used to stream media files, which are invoked from within Chrome, may still record history information, even when incognito mode is being used. Furthermore, a limitation of Apple's iOS 7 platform allows some information from incognito browser windows to leak to regular Chrome browser windows.[59] There are concerns that these limitations may have led Chrome users to believe that incognito mode provides more privacy protection than it actually does.[60]

Street View

edit

Google's online map service, Street View, has been found guilty retrieving emails and other personal data in the streets ("payload data"), taking pictures and viewing too far into people's private homes and/or too close to people on the street when they do not know they are being photographed.[61][62]

Wi-Fi networks information collection

edit

From 2006 to 2010, Google Streetview camera cars collected about 600 gigabytes of data from users of unencrypted public and private Wi-Fi networks in more than 30 countries. No disclosures nor privacy policy was given to those affected, nor to the owners of the Wi-Fi stations.[63]

Google apologized and said that they were "acutely aware that we failed badly here" in terms of privacy protection, that they were not aware of the problem until an inquiry from German regulators was received, that the private data was collected inadvertently, and that none of the private data was used in Google's search engine or other services. A representative of Consumer Watchdog replied, "Once again, Google has demonstrated a lack of concern for privacy. Its computer engineers run amok, push the envelope and gather whatever data they can until their fingers are caught in the cookie jar." In a sign that legal penalties may result, Google said it will not destroy the data until permitted by regulators.,[64][65] but then failed to do so in eleven countries.[66]

The Streetview data collection prompted several lawsuits in the United States. The suits were consolidated into one case before a California federal court. Google's motion to have the case dismissed, saying the Wi-Fi communications it captured were "readily accessible to the general public" and therefore not a violation of federal wiretapping laws, was rejected in June 2011 by the U.S. District Court for the Northern District of California and upon appeal in September 2013 by the U.S. Court of Appeals for the Ninth Circuit. The ruling is viewed as a major legal setback for Google and allows the case to move back to the lower court for trial.[67][68][69]

Currently Google no longer collects WiFi data via Streetview, instead using an Android device's Wi-Fi positioning system; however, they have suggested the creation of a unified approach for opting-out from Wi-Fi-based positioning systems, suggesting the usage of the word "nomap" appended to a wireless access point's SSID to exclude it from Google's WPS database.[70][71]

YouTube

edit

On July 14, 2008, Viacom compromised to protect YouTube users' personal data in their $1 billion copyright lawsuit. Google agreed it will anonymize user information and internet protocol addresses from its YouTube subsidiary before handing the data over to Viacom. The privacy deal also applied to other litigants including the FA Premier League, the Rodgers & Hammerstein organization and the Scottish Premier League.[72][73] The deal however did not extend the anonymity to employees, because Viacom wishes to prove that Google staff are aware of the uploading of illegal material to the site. The parties therefore will further meet on the matter lest the data be made available to the court.[74] YouTube was forced to pay $170 million and implement new privacy systems to the FTC following a complaint about the platform's enforcement of the Children's Online Privacy Protection Act.[75]

Google Buzz

edit

On February 9, 2010, Google launched Google Buzz, Google's microblogging service. Anyone with a Gmail account was automatically added as a contact to pre-existing Gmail contacts, and had to opt out if they did not wish to participate.[76]

The launch of Google Buzz as an "opt-out" social network immediately drew criticism for violating user privacy because it automatically allowed Gmail users' contacts to view their other contacts.[77] In 2011, the United States Federal Trade Commission initiated a Commission proceeding against respondent Google, Inc., alleging that certain personal information of Gmail users was shared without users' permission through the Google Buzz social network.[78]

Real names, Google+, and Nymwars

edit

Google Plus (G+) was launched in late June 2011. The new service gained 20 million members in just a few weeks.[79] At the time of launch, the site's user content and conduct policy stated, "To help fight spam and prevent fake profiles, use the name your friends, family or co-workers usually call you."[80] Starting in July 2011, Google began enforcing this policy by suspending the accounts of those who used pseudonyms.[81][82] Starting in August 2011, Google provided a four-day grace period before enforcing the real name policy and suspending accounts. The four days allowed members time to change their pen name to their real name.[83] The policy extended to new accounts for all of Google services, including Gmail and YouTube, although accounts existing before the new policy were not required to be updated. In late January 2012 Google began allowing members to use nicknames, maiden names, and other "established" names in addition to their common or real names.[84]

According to Google, the real name policy makes Google more like the real world. People can find each other more easily, like a phone book. The real name policy is believed to protect children and young adults from cyber-bullying, as those bullies hide behind pen names,[85] but this view fails to acknowledge that people may also hide from bullies by using nicknames not known to others. There is considerable use of search engines for "people-searching", attempting to find information on persons by performing a search of their name.[86]

A number of high-profile commentators have publicly criticized Google's policies, including technologists Jamie Zawinski,[87] Kevin Marks,[88] and Robert Scoble[89] and organizations such as the Electronic Frontier Foundation.[90]

Criticisms have been wide-ranging,[91][92][93] for example:

  • The policy is not like the real world, because real names and personal information are not known to everyone in the off-line world.
  • The policy fails to acknowledge long-standing Internet culture and conventions.[90]
  • Using real names online can disadvantage or endanger some individuals, such as victims of violence or harassment. The policy prevents users from protecting themselves by hiding their identity. For example, a person who reports a human rights violation or crime and posts it on YouTube can no longer do so anonymously. The dangers include possible hate crimes, retaliation against whistle-blowers, executions of rebels, religious persecution, and revenge against victims or witnesses of crimes.[94]
  • Using a pseudonym is different from anonymity, and a pseudonym used consistently denotes an "authentic personality".[95]
  • Google's arguments fail to address the financial gain represented by connecting personal data to real-world identities.[96]
  • Google has inconsistently enforced their policy, especially by making exceptions for celebrities using pseudonyms and mononyms.[97]
  • The policy as stated is insufficient for preventing spam.
  • The policy may run afoul of legal constraints such as the German "Telemediengesetz" federal law, which makes anonymous access to online services a legal requirement.[98]
  • The policy does not prevent trolls. It is up to social media to encourage the growth of healthy social norms, and forcefully telling people how they must behave cannot be efficient.[99]

Do Not Track

edit

In April 2011, Google was criticized for not signing onto the Do Not Track feature for Chrome that was being incorporated in most other modern web browsers, including Firefox, Internet Explorer, Safari, and Opera. Critics pointed out that a new patent Google was granted in April 2011, for greatly enhanced user tracking through web advertising, will provide much more detailed information on user behavior and that do not track would hurt Google's ability to exploit this. Software reviewer Kurt Bakke of Conceivably Tech wrote:

Google said that it intends to charge advertisers based on click-through rates, certain user activities and a pay-for-performance model. The entire patent seems to fit Google's recent claims that Chrome is critical for Google to maintain search dominance through its Chrome web browser and Chrome OS and was described as a tool to lock users to Google's search engine and – ultimately – its advertising services. So, how likely is it that Google will follow the do-not-track trend? Not very likely.[100]

Mozilla developer Asa Dotzler noted: "It seems pretty obvious to me that the Chrome team is bowing to pressure from Google's advertising business and that's a real shame. I had hoped they'd demonstrate a bit more independence than that."[100][101][102]

At the time of the criticisms, Google argued that the technology is useless, as advertisers are not required to obey the user's tracking preferences and it remains unclear as to what constitutes tracking (as opposed to storing statistical data or user preferences). As an alternative, Google continues to offer an extension called "Keep My Opt-Outs" that permanently prevents advertising companies from installing cookies on the user's computer.[103]

The reaction to this extension was mixed. Paul Thurrott of Windows IT Pro called the extension "much, much closer to what I've been asking for—i.e. something that just works and doesn't require the user to figure anything out—than the IE or Firefox solutions" while lamenting the fact that the extension is not included as part of the browser itself.[104]

In February 2012, Google announced that Chrome would incorporate a Do Not Track feature by the end of 2012, and it was implemented in early November 2012.[105]

Moreover, Pól Mac and Douglas J. (2016) in their study “Don’t Let Google Know I’m Lonely”, presented strong evidence that the two giant techs have very high accuracy while providing results based on user's sensitive entries. Pól Mac and Douglas J. (2016) specifically focused on user's financial and sexual preferences and they have concluded that "For Google, 100% of user sessions on a sensitive topic reject the hypothesis that no learning of the sensitive topic by the search engine has taken place and so are identified as sensitive. For Bing, the corresponding detection rate is 91%."[106]

Scroogle

edit
 
2008 screenshot of Scroogle.org

Scroogle, named after the fictional character Ebenezer Scrooge, was a web service that allowed users to perform Google searches anonymously. It focused heavily on searcher privacy by blocking Google cookies and not saving log files. The service was launched in 2003 by Google critic Daniel Brandt, who was concerned about Google collecting personal information on its users.[107]

Scroogle offered a web interface and browser plugins for Firefox, Google Chrome, and Internet Explorer that allowed users to run Google searches anonymously. The service scraped Google search results, removing ads and sponsored links. Only the raw search results were returned, meaning features such as page preview were not available. For added security, Scroogle gave users the option of having all communication between their computer and the search page be SSL encrypted.

Although Scroogle's activities technically violated Google's terms of service, Google generally tolerated its existence, whitelisting the site on multiple occasions. After 2005, the service encountered rapid growth before running into a series of problems starting in 2010. In February 2012, the service was permanently shut down by its creator due to a combination of throttling of search requests by Google and a denial-of-service attack by an unknown person or group.[108]

Before its demise, Scroogle handled around 350,000 queries daily,[109] ranked among the top 4,000 sites worldwide and in the top 2,500 for the United States, Canada, the United Kingdom, Australia, and other countries in web traffic.[110]

Privacy and data protection cases and issues by country

edit

European Union

edit

European Union (EU) data protection officials (the Article 29 working party who advise the EU on privacy policy) have written to Google asking the company to justify its policy of keeping information on individuals' internet searches for up to two years. The letter questioned whether Google has "fulfilled all the necessary requirements" on the EU laws concerning data protection.[111] On May 31, 2007, Google agreed that its privacy policy was vague, and that they were constantly working at making it clearer to users.[112]

After Google merged its different privacy policies into a single one in March 2012, the working group of all European Union Data Protection Authorities assessed that it failed to comply with the EU legal framework. Several countries then opened cases to investigate possible breach of their privacy rules.[113]

Google has also been implicated in Google Spain v AEPD and Mario Costeja González, a case before the Audiencia Nacional (Spain's national court) and the European Court of Justice, which required Google to comply with the European privacy laws (i.e., the Data Protection Directive) and to allow users to be forgotten when operating in the European Union.[114][115]

Czech Republic

edit

Starting in 2010, after more than five months of unsuccessful negotiations with Google, the Czech Office for Personal Data Protection prevented Street View from taking pictures of new locations. The Office described Google's program as taking pictures "beyond the extent of the ordinary sight from a street", and claimed that it "disproportionately invaded citizens' privacy."[116][117] Google resumed Street View in Czech Republic in 2012 after having agreed to a number of limitations similar to concessions Google has made in other countries.[118]

France

edit

In January 2014, the French authority, CNIL sanctioned Google, requiring it to pay their highest fee and to display on its search engine website a banner referring to the decision.[119] Google complied, but planned to appeal to the supreme court of administrative justice, the Conseil d'Etat.[113] A number of French and German companies came together to form a group called the Open Internet Project, seeking a ban of Google's manipulative favoring of its own services and content over those of others.[120]

In 2022, CNIL fined Google €150 million for Google making it difficult for users to opt out of tracking. Google was required to comply with the order, facing a fine of €100,000 for each day of delay.[121]

Germany

edit

In May 2010, Google was unable to meet a deadline set by Hamburg's data protection supervisor to hand over data illegally collected from unsecured home wireless networks. Google added, "We hope, given more time, to be able to resolve this difficult issue."[122] The data was turned over to German, French, and Spanish authorities in early June 2010.[123]

In November 2010, vandals in Germany targeted houses that had opted out of Google's Street View.[124]

In April 2011, Google announced that it will not expand its Street View program in Germany, but what has already been photographed—around 20 cities' worth of pictures—will remain available. This decision came despite an earlier Berlin State Supreme Court ruling that Google's Street View program was legal.[125]

In September 2014, a top official in Germany called for Google to be broken up as publishers were fighting in court over compensation for the snippets of text that appear with Google News updates. The chief executive of Axel Springer, a German publishing giant, expressed fears over Google's growing influence in the country.[120]

Italy

edit

In February 2010, in a complaint brought by an Italian advocacy group for people with Down's Syndrome, Vividown, and the boy's father, three Google executives were handed six-month suspended sentences for breach of the Italian Personal Data Protection Code in relation to a video, uploaded to Google Video in 2006, of a disabled boy being bullied by several classmates.[126][127][128] In December 2012, these convictions and sentences were overturned on appeal.[129]

Norway

edit

The Data Inspectorate of Norway (Norway is not a member of the EU) investigated Google (and others) and stated that the 18- to 24-month period for retaining data proposed by Google was too long.[130]

United Kingdom

edit

On March 27, 2015, the Court of Appeal ruled that British persons have the right to sue Google in the UK for misuse of private information.[131][132]

United States

edit

In early 2005, the United States Department of Justice filed a motion in federal court to force Google to comply with a subpoena for "the text of each search string entered onto Google's search engine over a two-month period (absent any information identifying the person who entered such query)."[133] Google fought the subpoena, due to concerns about users' privacy.[134] In March 2006, the court ruled partially in Google's favor, recognizing the privacy implications of turning over search terms and refusing to grant access.[135]

In April 2008, a Pittsburgh couple, Aaron and Christine Boring, sued Google for "invasion of privacy". They claimed that Street View made a photo of their home available online, and it diminished the value of their house, which was purchased for its privacy.[136] They lost their case in a Pennsylvania court. "While it is easy to imagine that many whose property appears on Google's virtual maps resent the privacy implications, it is hard to believe that any – other than the most exquisitely sensitive – would suffer shame or humiliation," Judge Hay ruled; the Boring family was paid one dollar by Google for the incident.[137]

In May 2010, a U.S. District Court in Portland, Oregon ordered Google to hand over two copies of wireless data that the company's Street View program collected as it photographed neighborhoods.[138]

In 2012 and 2013, Google reached two settlements over tracking people online without their knowledge after bypassing privacy settings in Apple's Safari browser. The first was a settlement in August 2012 for $22.5 million with the Federal Trade Commission—the largest civil penalty the FTC has ever obtained for a violation of a Commission order.[78] The second was a November 2013 settlement for $17 million with 37 states and the District of Columbia. In addition to the fines, Google agreed to avoid using software that overrides a browser's cookie-blocking settings, to avoid omitting or misrepresenting information to individuals about how they use Google products or control the ads they see, to maintain for five years a web page explaining what cookies are and how to control them, and to ensure that the cookies tied to Safari browsers expire. In both settlements Google denied any wrongdoing, but said it discontinued circumventing the settings early in 2012, after the practice was publicly reported, and stopped tracking Safari users and showing them personalized ads.[139]

In September 2019, Google was fined $170 million by the Federal Trade Commission in New York for violation of COPPA regulations on its YouTube platform. YouTube was required to add a feature to allow video uploaders to flag videos made for users under 13 years old. Adverts were prohibited in videos flagged as such. YouTube was also required to ask for parents' permission before collecting personal information from children.[140]

DoubleClick ads combined with other Google services

edit

In the summer of 2016, Google quietly dropped its ban on personally-identifiable info in its DoubleClick ad service. Google's privacy policy was changed to state it "may" combine web-browsing records obtained through DoubleClick with what the company learns from the use of other Google services. While new users were automatically opted in, existing users were asked if they wanted to opt in, and it remains possible to opt out in the Activity controls of the My Account page for a Google account. ProPublica stated that "The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customized to them based on your name and other information Google knows about you. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct." Google contacted ProPublica to correct the fact that it didn't "currently" use Gmail keywords to target web ads.[8]

See also

edit

References

edit
  1. ^ "Privacy Policy – Privacy & Terms". Google. Retrieved March 24, 2019.
  2. ^ "Will We Ever Get Strong Internet Privacy Rules?". Time. March 5, 2012.
  3. ^ a b Cade, Metz (December 7, 2009). "Google chief: Only miscreants worry about net privacy". The Register.
  4. ^ a b "Google ranked 'worst' on privacy". BBC News. June 11, 2007.
  5. ^ "Consultation Report: Race to the Bottom? 2007" Archived June 12, 2007, at the Wayback Machine, Privacy International, June 9, 2007
  6. ^ Delichatsios, Stefanie Alki; Sonuyi, Temitope, "Get to Know Google...Because They Know You", MIT, Ethics and Law on the Electronic Frontier, 6.805, December 14, 2005
  7. ^ "No anonymity on future web says Google CEO". THINQ.co.uk. August 5, 2010. Archived from the original on August 15, 2010. Retrieved August 7, 2010.
  8. ^ a b Angwin, Julia (October 21, 2016). "Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking". ProPublica. Retrieved October 23, 2016.
  9. ^ "Thousands of Reddit users are trying to delete Google from their lives, but they're finding it impossible because Google is everywhere". Business Insider.
  10. ^ a b Cope, S., & Cardozo, N.(2018). It's Tie to Make Student Privacy a Priority. Tech & Learning, 38(9), pp. 32-33.
  11. ^ Google Blocking Web Privacy Proposals at W3C
  12. ^ "Google Blocks Privacy Push at the Group That Sets Web Standards". Bloomberg.com. September 24, 2019. Retrieved March 8, 2024.
  13. ^ "Google Docs Glitch Exposes Private Files". PCWorld. March 9, 2009. Retrieved February 21, 2021.
  14. ^ "Google software bug shared private online documents". The Sydney Morning Herald. March 10, 2009.
  15. ^ a b c Agger, Michael (October 10, 2007). "Google's Evil Eye: Does the Big G know too much about us?". Slate. Retrieved October 23, 2007.
  16. ^ Yan, Jack (May 5, 2011). "Google Ads Preferences Manager issue confirmed by NAI". Retrieved September 24, 2024.
  17. ^ a b "Privacy FAQ", Google, accessed October 16, 2011, and December 20, 2016
  18. ^ Sherman, Chris (2005). Google power: unleash the full potential of Google. Emeryville, California: McGraw-Hill. p. 415. ISBN 0-07-225787-3. Retrieved June 13, 2010. ...a look at Google's monopoly, algorithms, and privacy issues.
  19. ^ Varghese, Sam (January 12, 2005). "Google critic releases source code for proxy". The Age. Melbourne, Australia. Retrieved October 11, 2008.
  20. ^ Graham, Jefferson (February 9, 2010). "Google adds Facebook-like features to Gmail". USA Today. Retrieved April 30, 2010.
  21. ^ "Transparency Report: User Data Requests", Google. Retrieved December 20, 2016.
  22. ^ "EU-focused data and privacy - Analytics Help".
  23. ^ Andrienko, Gennady; Gkoulalas-Divanis, Aris; Gruteser, Marco; Kopp, Christine; Liebig, Thomas; Rechert, Klaus (July 19, 2013). "Report from Dagstuhl: the liberation of mobile location data and its implications for privacy research". SIGMOBILE Mobile Computing and Communications Review. 17 (2). ACM: 7. doi:10.1145/2505395.2505398. S2CID 1357034.
  24. ^ "Developer's Guide", Google Web Search API, July 26, 2012. Retrieved October 4, 2013.
  25. ^ Davis, Kevin. "You (probably) don't need ReCAPTCHA". Near.blog. Retrieved November 20, 2024.
  26. ^ "Off-Campus eResource Access – Paul A. Elsner Library @ Mesa Community College". login.ezp.mesacc.edu. Retrieved May 8, 2019.
  27. ^ "Limit Google Web and App Activity data retention period". Jucktion. May 29, 2019. Retrieved July 4, 2019.
  28. ^ Microsoft's Ballmer: Google Reads Your Mail ChannelWeb, October 2007
  29. ^ "Google's Gmail could be blocked", BBC News, April 13, 2004
  30. ^ "Google Gmail: Spook Heaven", Mark Rasch, The Register, June 15, 2004
  31. ^ "Gmail is too creepy". Google Watch. Archived from the original on July 14, 2009. Retrieved October 17, 2011.
  32. ^ "Privacy Policy". Retrieved February 12, 2015.
  33. ^ "Yahoo Privacy Policy". Retrieved February 12, 2015.
  34. ^ "Microsoft Privacy Statement". Microsoft. Retrieved February 12, 2015.
  35. ^ "Thirty-One Privacy and Civil Liberties Organizations Urge Google to Suspend Gmail". Privacy Rights Clearinghouse. Archived from the original on January 7, 2016. Retrieved December 5, 2015.
  36. ^ a b Wingfield, Nick (February 6, 2013). "Microsoft Attacks Google on Gmail Privacy". The New York Times. Retrieved June 14, 2013.
  37. ^ Stern, Joanna. "Microsoft's 'Scroogled' Campaign Attacks Google's Gmail Ad Policies". ABC News.
  38. ^ "What privacy risks are presented by Gmail?", Gmail Privacy FAQ, Electronic Privacy Information Center (EPIC). Retrieved October 4, 2013.
  39. ^ a b c Rushe, Dominic (August 15, 2013). "Google: Gmail users shouldn't expect email privacy". The Guardian. Retrieved August 14, 2013.
  40. ^ "4 ways Google is destroying privacy and collecting your data". Salon. February 5, 2014. Retrieved May 8, 2019.
  41. ^ "Google Still Doesn't Care About Your Privacy". Fortune. Retrieved May 8, 2019.
  42. ^ Zetter, Kim (February 4, 2010). "Google Asks NSA to Help Secure Its Network". Wired. ISSN 1059-1028. Retrieved March 24, 2019.
  43. ^ Shachtman, Noah (February 4, 2010). "'Don't Be Evil,' Meet 'Spy on Everyone': How the NSA Deal Could Kill Google". Wired. ISSN 1059-1028. Retrieved March 24, 2019.
  44. ^ "Google buys CIA-backed mapping startup", Andrew Orlowski, The Register, October 28, 2004
  45. ^ Shachtman, Noah (July 28, 2010). "Exclusive: Google, CIA Invest in 'Future' of Web Monitoring". Wired. ISSN 1059-1028. Retrieved March 24, 2019.
  46. ^ "Google and CIA Invest in a Minority Report-Like Technology That May Make Our World a Less Certain Place", Bob Jacobson, Huffington Post, July 30, 2010
  47. ^ "Court rules that Google-NSA spy ties can remain secret". USA Today. The Associated Press. May 11, 2012. Retrieved May 14, 2012.
  48. ^ Greenwald, Glenn (June 6, 2013). "NSA taps in to internet giants' systems to mine user data, secret files reveal". The Guardian. Retrieved June 6, 2013.
  49. ^ "U.S. intelligence mining data from nine U.S. Internet companies in broad secret program". The Washington Post. June 6, 2013. Retrieved June 6, 2013.
  50. ^ Savage, Charlie; Wyatt, Edward; Baker, Peter (June 6, 2013). "U.S. Confirms That It Gathers Online Data Overseas". The New York Times. ISSN 0362-4331. Retrieved March 24, 2019.
  51. ^ "Google, Facebook, Dropbox, Yahoo, Microsoft And Apple Deny Participation In NSA PRISM Surveillance Program". Tech Crunch. June 6, 2013. Retrieved June 6, 2013.
  52. ^ a b c "Google reveals government data requests and censorship", Maggie Shiels, BBC News, April 20, 2010
  53. ^ "Government Requests", Google Transparency Report, accessed January 28, 2019
  54. ^ "Off-Campus eResource Access – Paul A. Elsner Library @ Mesa Community College". login.ezp.mesacc.edu. Retrieved May 7, 2019.
  55. ^ "Consumer Watchdog Exposes Google Privacy Problems ", Digital Communities, November 5, 2008
  56. ^ "How Google Chrome Doesn't protect Privacy", YouTube
  57. ^ Thompson, Chris (November 4, 2008). "Is Chrome Spying on You?". Consumer Watchdog. Archived from the original on June 5, 2013. Retrieved June 14, 2013.
  58. ^ "Incognito Mode (browse in private)". Retrieved November 4, 2013.
  59. ^ "Chrome for iOS' incognito mode isn't private, bug reveals", Tom Warren, The Verge, Vox Media, Inc., October 3, 2013. Retrieved November 4, 2013.
  60. ^ "Google Chrome Incognito Mode" Archived February 2, 2019, at the Wayback Machine, VPN Express, August 8, 2013. Retrieved November 4, 2013.
  61. ^ "EFF lawyer is smokin' on Google Street View", Dan Goodin, The Register, June 13, 2007
  62. ^ "All-seeing Google Street View prompts privacy fears", Times Online, June 1, 2007
  63. ^ "Google grabs personal info off of Wi-Fi networks". Archived from the original on May 28, 2010. Retrieved July 17, 2011., Michael Liedtke, AP, May 14, 14, 2010
  64. ^ "Google grabs personal info off of Wi-Fi networks". Archived from the original on May 28, 2010. Retrieved July 17, 2011., Michael Liedtke (AP), Yahoo! Finance, May 14, 2010
  65. ^ Shiels, Maggie (May 15, 2010). "Google admits wi-fi data blunder". BBC News.
  66. ^ "Google: Streetview data letter in full".
  67. ^ Streitfeld, David (September 10, 2013). "Court Says Privacy Case Can Proceed vs. Google". The New York Times. ISSN 0362-4331. Retrieved March 24, 2019.
  68. ^ Joffe v. Google, Opinion by Judge Jay S. Bybee, U.S. Court of Appeals for the Ninth Circuit, No. 11-17483, D.C. No. 5:10-md-02184-JW, September 10, 2013. Retrieved November 17, 2013.
  69. ^ In re Google Inc. Street View Electronic Communication Litigation, Chief Judge James Wade, United States District Court, N.D. California, San Francisco Division, C 10-MD-02184 JW, 794 F.Supp.2d 1067, June 29, 2011.
  70. ^ Kent Row. "Infosecurity Blogs". Infosecurity Magazine. Retrieved February 12, 2015.
  71. ^ "Configure access points with Google Location Service". Retrieved February 12, 2015.
  72. ^ "Lawyers in YouTube lawsuit reach user privacy deal", Eric Auchard, Reuters, July 15, 2008
  73. ^ "Google and Viacom reach deal over YouTube user data", Mark Sweney, The Guardian, July 15, 2008
  74. ^ "Viacom backs down over YouTube lawsuit", Fiona Ramsay, Media Week, July 15, 2008
  75. ^ Masnick, Mike (September 6, 2019). "FTC's Latest Fine Of YouTube Over COPPA Violations Shows That COPPA And Section 230 Are On A Collision Course". Techdirt. Retrieved September 7, 2019.
  76. ^ Saltzman, Marc (February 9, 2010). "Google adds Facebook-like features to Gmail". USA Today. Retrieved April 30, 2010.
  77. ^ "Google's Buzz 'Has Serious Privacy Flaws'" Archived May 18, 2012, at the Wayback Machine, Roddy Mansfield, Sky News Online, February 12, 2010
  78. ^ a b Maggs, Peter (2013). Internet and Computer Law (4th ed.). West. p. 686. ISBN 978-0-314-28759-5.
  79. ^ Whitney, Lance (July 26, 2011). "Google+ name policy 'frustrating,' Google confesses". CNET. Retrieved October 30, 2012.
  80. ^ "User Content and Conduct Policy". July 12, 2011. Retrieved August 27, 2011.
  81. ^ McCracken, Harry (September 22, 2011). "Google+'s Real-Name Policy: Identity vs. Anonymity". Time. Archived from the original on September 22, 2011. Retrieved July 22, 2021.
  82. ^ Clint Boulton (July 26, 2011). "Google+ Real Name Policy Refresh Afoot Amid Privacy Concerns". Eweek.com. Retrieved October 30, 2012.
  83. ^ Clint Boulton (August 12, 2011). "Google to Enforce Real Name Policy After 4 Days". Eweek.com. Retrieved October 30, 2012.
  84. ^ "In a Switch, Google Plus Now Allows Pseudonyms", Claire Cain Miller, New York Times, January 23, 2012. Retrieved October 3, 2013.
  85. ^ "Google+ Page and Profile Names – Google+ Help". Retrieved October 30, 2012.
  86. ^ A Spink, BJ Jansen, J Pedersen (2004) Searching for people on web search engines. Journal of Documentation 60 (3), 266-278.
  87. ^ Zawinski, Jamie (August 20, 2011). "Nym Wars". Retrieved August 27, 2011.
  88. ^ Marks, Kevin (August 20, 2011). "Epeus' epigone: Google Plus must stop this Identity Theatre". Retrieved August 27, 2011.
  89. ^ Scoble, Robert (August 20, 2011). "Several people have asked me to make this a real post so it…". Retrieved August 27, 2011.
  90. ^ a b York, Jillian (July 29, 2011). "A Case for Pseudonyms". Electronic Frontier Foundation. Retrieved August 27, 2011.
  91. ^ "Google's Real Names Policy Is Evil", Mat Honan, Gizmodo, August 12, 2011. Retrieved October 3, 2013.
  92. ^ "Elgan: Even Google hates its own 'names' policy", Mike Elgan, Computerworld, August 13, 2011. Retrieved October 3, 2013.
  93. ^ "Google Plus's 'Real Name' policy is abusive; Facebook is not a 'Real Name' success story", Cory Doctorow, Boing Boing, August 4, 2011. Retrieved October 3, 2013.
  94. ^ Alex "Skud" Bayley (June 10, 2010). "Hacker News and Pseudonymity". GeekFeminism.org. Retrieved October 18, 2011.
  95. ^ Kaste, Martin (September 28, 2011). "Who Are You, Really? Activists Fight for Pseudonyms". NPR.org. Retrieved October 18, 2011.
  96. ^ Peterson, Myles (October 4, 2011). "Brand Wars". CanberraTimes.com.au. Retrieved October 18, 2011.
  97. ^ Stilgherrian (September 27, 2011). "Google+: What's In a Name?". ABC.net.au. Retrieved October 18, 2011.
  98. ^ Alex, Jirko (September 7, 2011), Google+: Klarnamenzwang-Disput verwirrt Unionspolitiker (in German), ComputerBase.
  99. ^ Danah Boyd (September 5, 2011), Designing for social Norms (or How Not to Create Angry Mobs)
  100. ^ a b Bakke, Kurt (April 2011). "Chrome Shields Websites From Denial-Of-Service Attacks". Conceivably Tech. Archived from the original on April 19, 2011. Retrieved April 20, 2011.
  101. ^ Bakke, Kurt (April 2011). "Google Menu Ad Tracking: A Case Of Bad Timing?". Conceivably Tech. Archived from the original on April 26, 2011. Retrieved April 20, 2011.
  102. ^ Dotzler, Asa (April 2011). "Chrome, Do Not Track, and Google Advertising". Archived from the original on April 23, 2011. Retrieved April 20, 2011.
  103. ^ "Keep My Opt-Outs, Chrome Web Store". Archived from the original on May 7, 2011. Retrieved June 19, 2011.
  104. ^ Thurrott, Paul (January 25, 2011). "Daily Update: Google's Do Not Track Solution, Apple Stuff, Crysis 2 Demo, More". Archived from the original on January 28, 2013. Retrieved April 22, 2011.
  105. ^ "Google and Chrome To Support Do Not Track". Archived from the original on February 26, 2012. Retrieved March 3, 2012.
  106. ^ Aonghusa, Pól Mac; Leith, Douglas J. (August 5, 2016). "Don't Let Google Know I'm Lonely". ACM Transactions on Privacy and Security. 19 (1): 1–25. arXiv:1504.08043. doi:10.1145/2937754. S2CID 14277966.
  107. ^ "Search Beyond Google". MIT Technology Review. Retrieved October 24, 2020.
  108. ^ "Scroogle, Privacy-First Search Engine, Shuts Down for Good | Betabeat — News, gossip and intel from Silicon Alley 2.0". February 24, 2012. Archived from the original on February 24, 2012. Retrieved August 25, 2018.
  109. ^ Beuth, Patrick (February 15, 2012). "Anonymisierte Google-Suche über Scroogle ist blockiert" [Anonymized Google Search via Scroogle is blocked]. Die Zeit Online (in German). Retrieved February 24, 2012. (English translation).
  110. ^ "Scroogle.org Site Info". Alexa.com. 2012. Archived from the original on October 3, 2011. Retrieved February 27, 2012.
  111. ^ "EU probes Google grip on data", Maija Palmer, Financial Times, May 24, 2007
  112. ^ "Google privacy policy 'is vague'", Darren Waters, BBC News, May 31, 2007
  113. ^ a b Barzic, Gwenaelle; Huet, Natalie (February 7, 2014). "French court orders Google to display fine for privacy breach". Reuters. Retrieved February 8, 2014.
  114. ^ European Court of Justice (May 13, 2014). "Judgment of the Court of Justice in Case C-131/12: An internet search engine operator is responsible for the processing that it carries out of personal data which appear on web pages published by third parties" (Press release). Luxembourg. Retrieved May 13, 2014.
  115. ^ Kanter, James; Scott, Mark (May 13, 2014). "Google Must Honor Requests to Delete Some Links, E.U. Court Says". The New York Times. Retrieved May 13, 2014.
  116. ^ "Czech Republic stops Google from further Street View photography", Cyrus Farivar (Reuters), Deutsche Welle, September 15, 2010
  117. ^ "Czech Republic blocks Google's data mapping feature", J.G. Enriquez, Seer Press News, September 25, 2010
  118. ^ "Czech Republic Gives Google Green Light To Resume Street View". February 3, 2012. Retrieved July 21, 2015.
  119. ^ "The CNIL's Sanctions Committee issues a 150 000 € monetary penalty to GOOGLE Inc". CNIL. January 8, 2014. Retrieved February 8, 2014.
  120. ^ a b Hakim, Danny (September 8, 2014). "Google Is Target of European Backlash on U.S. Tech Dominance". The New York Times. ISSN 0362-4331. Retrieved March 24, 2019.
  121. ^ "France fines Google and Facebook over cookies". BBC. January 7, 2022. Retrieved October 7, 2024.
  122. ^ "Google tells German privacy authority to wait for hard drive – May. 27, 2010". archive.fortune.com. Retrieved November 14, 2021.
  123. ^ "Google Relents, Will Hand Over European Wi-Fi Data", Robert McMillan, PC World/IDG News, June 3, 2010
  124. ^ "German vandals target Street View opt-out homes", BBC News, November 24, 2010.
  125. ^ "Google Abandons Street View in Germany", David Murphy, PC Magazine, April 10, 2011
  126. ^ "Google bosses convicted in Italy". BBC News. February 24, 2010. Retrieved April 30, 2010.
  127. ^ "Caso Google-Vividown: un bel saggio che deve far riflettere" Archived March 4, 2016, at the Wayback Machine (in Italian) ("Google case-Vividown: a good essay that should give pause"), Guido Scorza, May 16, 2010 (English translation)
  128. ^ "The Italian Google-Case: Privacy, Freedom of Speech and Responsibility of Providers for User-Generated Contents", Giovanni Sartor and Mario Viola de Azevedo Cunha, International Journal of Law and Information Technology, Vol. 18 No. 4 (Winter 2010), pp. 356–378
  129. ^ "Video del ragazzo disabile picchiato, assolti i tre manager di Google" [Video of the disabled boy beaten, acquitted the three managers of Google]. Corriere della Sera Milano (in Italian). December 21, 2012. Retrieved March 24, 2019.
  130. ^ "Google Data on Users May Break EU Law, Watchdog Says", Stephanie Bodoni, Bloomberg, May 25, 2007
  131. ^ "Google loses UK appeal court battle over 'clandestine' tracking". The Guardian.
  132. ^ "Google appeal ruling should send shivers through US tech companies". computerweekly.com. Computer Weekly.
  133. ^ "ACLU v. Alberto R. Gonzales." United States District Court (Northern District of California). August 25, 2005. Retrieved on April 13, 2007.
  134. ^ Wong, Nicole (February 17, 2006). "Response to the DOJ Motion". Google. Retrieved April 13, 2007.
  135. ^ Broache, Anne (March 20, 2006). "Judge: Google must give feds limited access to records". CNET. Archived from the original on January 20, 2013. Retrieved July 22, 2021.
  136. ^ "Couple Sues Google Over "Street View"". The Smoking Gun. April 4, 2008.
  137. ^ Kiss, Jemima (February 19, 2009). "Google wins Street View privacy case". The Guardian. London. Retrieved February 19, 2009. An American couple who attempted to sue Google over what they claimed was its "privacy invading" Street View technology have lost their case in a Pennsylvania court.
  138. ^ Bartz, Diane (May 27, 2010). "US court orders Google to copy data in Wi-Fi case". Reuters.
  139. ^ "Google to Pay $17 Million to Settle Privacy Case", Claire Cain Miller, New York Times, November 18, 2013. Retrieved November 19, 2013.
  140. ^ Singer, Natasha; Conger, Kate (September 4, 2019). "Google Is Fined $170 Million for Violating Children's Privacy on YouTube". The New York Times. ISSN 0362-4331. Retrieved April 12, 2020.
edit