Version of Sunday 29 January 2012, 11:30 UT+11
Google has long been hostile to privacy (e.g. PRC 2004, APF 2004, Clarke 2005, Clarke 2006, APF 2008). On 25 January 2012, Google Inc. abruptly announced very substantial changes in the Terms of Service and Privacy Policies that apply to consumers. The changes were declared as taking effect on 1 March 2012. Nominally, the change was to consolidate almost all of the many sets of Terms and Policies into one, very slim set. In fact, the changes go much deeper than that.
This document provides background information, identifies the massive privacy issues involved, and declares the APF's policy on the matter. It focusses on consumer services, and does not consider the Terms and Policies applicable to organisations that have 'entreprise' contracts with Google that are distinct from the contracts formed simply through use of Google's services. It also excludes the gratis version of Google Apps.
If you want to skip the analysis and read the conclusions, they're here:
Google Inc. offers a wide range of services over the Web. People find many of them attractive, some of them are seen by many to be superior to alternatives in at least some respects, and a few of them are leaders in their particular field. Many of the services are experimental. All of the services are subject to being materially modified with little or no notice, resulting in many of them behaving in unpredictable ways. In addition, scores of Google services have been withdrawn, also with little or no notice. Nonetheless, a number of Google's services have very large numbers of trusting users, who are in some cases heavily dependent on them.
The company's business model is based on advertising revenue. Users pay no fees for their use of the services. The position may not be entirely clear at law, but the reasonable assumption is that each consumer has one or more contracts with Google. This is firstly because users provide consideration in the form of a substantial amount of data about themselves, and in some cases about other people as well, together with the freedom to use that data for a wide variety of purposes. In addition, Google's General Terms of Service say "Your use of Google’s products, software, services and web sites (referred to collectively as the “Services” in this document and excluding any services provided to you by Google under a separate written agreement) is subject to the terms of a legal agreement between you and Google" (1.1) and "Unless otherwise agreed in writing with Google, your agreement with Google will always include, at a minimum, the terms and conditions set out in this document. These are referred to below as the 'Universal Terms'" (1.2).
A number of Google's services are available to all comers, without requiring the user to have an account and without having to login to the service. Currently, these comprise Google search facilities including sub-services such as Google Scholar and Google News, Google Maps and Streetview, and Google Books. Such users are, however, readily identifiable by the company by such means as cookies, their commonly-used IP-address and their browser-signature.
Most Google services, on the other hand, require the user to have an account and to login to it before using the service. Some important examples of such services are Gmail, Talk (Instant Messaging), Groups, Google+ (social networking, which replaced the failed Orkut and Buzz services), Picasa (photos), YouTube (videos) and Docs (documents). Google provides this list of current services, and Wikipedia maintains a more comprehensive list, including withdrawn services.
Android mobile phones effectively trap users into having a Google user account, so that their users yield up a vast amount of their personal data even if they were unaware when they acquired their phone that the operating system on it is a Google product.
Any use of Google Mobile, on any mobile device such as a smartphone or tablet, involves surrender to the company of your phone-number, device and SIM-IDs. In many circumstances you also surrender your location to Google, on an ongoing basis, thereby generating tracking data about your movements. This applies particularly if you use Google Latitude.
Many of these services not only involve the gifting to Google of a great deal of personal data about the user, but also a great deal of personal data about other people. This data includes the fact that there is an association with that user, personal comments made in emails and in closed groups, contact-points stored in address-books, and statements, images, video and interactions in social networking contexts.
Currently, to open a Google account or to use it, "you may be required to provide information about yourself (such as identification or contact details)", which you agree "will always be accurate, correct and up to date" (Term 5.1). It is unclear what that Term means. It would appear to preclude pseudonyms, although that is ignored by many users, and it appears that Google currently neither searches for instances of breach, nor seeks to enforce the requirements of 'accuracy' and 'correctness'.
It appears that a person is permitted to open multiple accounts. But if each account has to include "accurate, correct and up to date ... identification and contact details", then the accounts are easily detectable by Google as belonging to the same person, and the personal data arising in respect of all such duplicate accounts is capable of being correlated.
There is evidence to suggest that it is already doing so. In addition, Google has already imposed a 'real names' policy in respect of the Google+ (social networking) service. It enforces that policy, and it has refused tens of thousands of registrations (many of them for completely unjustifiable reasons). It is reasonable to infer that Google will progressively extend that policy.
As noted in Clarke (2010b), the experience of studying Google's Terms of Service has long been bewildering, because of "the labyrinthine structure of the documents that express the Terms applicable to the services: the Google Gmail, Groups, Docs, Apps and specific Apps services are variously subject to base Terms in one document, additional Terms in another document, and a considerable number of add-on documents ...". It is understood that many businesses, government agencies and educational institutions that use Google services are subject to specific contracts and Terms of Service, rather than to the Terms and Policies considered here. That includes Google Apps (which is the 'enterprise' version of Docs).
Google previously, in late 2010, declared its intention to 'simplify' its privacy policies. The reduction in privacy safeguards that this would lead to was drawn to attention by US consumer groups at the time.
The following links provide access to some of the most significant of the scores of web-pages that contain Terms and Policies relevant to consumers, as at 27 January 2012:
The existing Terms relating to 'second-party risk' (i.e. 'what damage can Google itself do to its users?') were analysed in Clarke (2010a, 2010b). This research showed the Terms to be extraordinarily favourable to the company, and detrimental to consumers. For example, the company claims that:
In relation to most Google services, the powers that the company currently grants itself enables it to use and disclose the vast quantities of personal data that it gathers, in order "to display, distribute and promote the Services" (11.1). The term 'the Services' is defined as "Google’s products, software, services and web sites [but] excluding any services provided to you by Google under a separate written agreement" (1.1). Notable exceptions to this are:
There is a world of difference between the power to use and disclose the personal data that you provide when using a particular service in order to:
The Terms purport to provide Google with the capability to make any change, and to renege on any previous undertaking. This may, of course, be subject to over-riding laws in whatever jusrisdiction(s) the services are subject to – always assuming that those laws are actually enforceable, and are actually enforced. Many country's regulators, notably those of the USA and Australia, have proven to be far too respectful of Google Inc., and have failed to exercise their powers in order to protect consumers.
The new Terms purport to apply retrospectively to all existing personal data held by Google. This represents a renege on the undertakings previously given. It is likely to be in breach of consumer protection laws in a range of jurisdictions, particularly in Europe and Australia.
The new Terms purport to apply automatically to anyone who has a Google account on that date. The company claims that no act of consent is necessary. There is a previous undertaking to make information about changes to Terms and Policies available on the company's web-site. There is no undertaking to provide notice of the change to individual users (although it appears that some and perhaps all users have had notice sent to them).
No reconciliation was provided between the old and the new Terms and Policies.
It will require long, patient and careful analysis to understand the changes. Because no consultative process occurred, and no reconciliation was provided, this may not be completed before the date when the company has declared that the changes will take effect.
There appear to be particularly critical changes in the purpose that Google declares for personal data that people yield up to it when using its services:
There is no choice, nor any form of opt-out. Google claims that all account-holders are subject to the Terms, in respect of all use ever made of any service.
Users may terminate their accounts, but it appears that this may not be simple. For example, current Term 13.2 says that you must notify Google "in writing, to Google’s address which is set out at the beginning of these Terms" [i.e. 1600 Amphitheatre Parkway, Mountain View, CA 94043]. The absence of an email-address or even a web-form means that you have to use the postal service. In addition, it may be that you have to take separate actions in respect of each service.
Termination removes the ability of the user to access the data. But it is highly unlikely to result in deletion of the data. Google long ago gave itself the right to retain your personal data after you terminate your account. Users granted Google rights to use and disclose their personal data for the provision of the services, and the data continues to be useful for that purpose. Moreover, Google claims that it can unliaterally change the Terms in any way it likes, e.g. to increase the purposes for which it may use and disclose the data, and it claims that those changes have retrospective effect on all of the personal data that they hold.
In addition to the many serious public policy concerns about Google's present and proposed future Terms and Policies, aspects of them appear to be in breach of the laws of various countries, and of the FTC's order of March 2011 (e.g. ArsTechnica 28 January 2012). Members of Congress have also expressed concern (26 January 2012).
APF (2004) 'Google GMail Service - Letter to Federal Privacy Commissioner' Australian Privacy Foundation, April 2004
APF (2008) 'APF Policy Statement re Google StreetView' Australian Privacy Foundation, April 2008
Clarke R. (2005) 'Evaluation of Google's Privacy Statement against the Privacy Statement Template of 19 December 2005' Xamax Consultancy Pty Ltd, December 2005
Clarke R. (2006) 'Google's Challenges to Privacy Law and Practice', section of 'Google's Gauntlets' Computer Law & Security Report 22, 4 (July-August 2006) 287-297
Clarke R. (2010a) 'Internet Users' Second-Party Exposure' Xamax Consultancy Pty Ltd, December 2010
Clarke R. (2010b) 'Internet Users' Second-Party Exposure – Detailed Analysis - 2: Google' Xamax Consultancy Pty Ltd, December 2010
PRC (2004) 'Thirty-One Privacy and Civil Liberties Organizations Urge Google to Suspend Gmail' Privacy Rights Clearing House, April 2004
Kang C. (2012) 'Experts: Google privacy shift will have greater impact on Android users' The Washington Post, 26 January 2012