Australian Privacy Foundation home

The association that campaigns for privacy protections

Policy Statement re Google Terms of Service

Version of Sunday 29 January 2012, 11:30 UT+11

Background

Google has long been hostile to privacy (e.g. PRC 2004, APF 2004, Clarke 2005, Clarke 2006, APF 2008). On 25 January 2012, Google Inc. abruptly announced very substantial changes in the Terms of Service and Privacy Policies that apply to consumers. The changes were declared as taking effect on 1 March 2012. Nominally, the change was to consolidate almost all of the many sets of Terms and Policies into one, very slim set. In fact, the changes go much deeper than that.

This document provides background information, identifies the massive privacy issues involved, and declares the APF's policy on the matter. It focusses on consumer services, and does not consider the Terms and Policies applicable to organisations that have 'entreprise' contracts with Google that are distinct from the contracts formed simply through use of Google's services. It also excludes the gratis version of Google Apps.

If you want to skip the analysis and read the conclusions, they're here:

Google's Services

Google Inc. offers a wide range of services over the Web. People find many of them attractive, some of them are seen by many to be superior to alternatives in at least some respects, and a few of them are leaders in their particular field. Many of the services are experimental. All of the services are subject to being materially modified with little or no notice, resulting in many of them behaving in unpredictable ways. In addition, scores of Google services have been withdrawn, also with little or no notice. Nonetheless, a number of Google's services have very large numbers of trusting users, who are in some cases heavily dependent on them.

The company's business model is based on advertising revenue. Users pay no fees for their use of the services. The position may not be entirely clear at law, but the reasonable assumption is that each consumer has one or more contracts with Google. This is firstly because users provide consideration in the form of a substantial amount of data about themselves, and in some cases about other people as well, together with the freedom to use that data for a wide variety of purposes. In addition, Google's General Terms of Service say "Your use of Google’s products, software, services and web sites (referred to collectively as the “Services” in this document and excluding any services provided to you by Google under a separate written agreement) is subject to the terms of a legal agreement between you and Google" (1.1) and "Unless otherwise agreed in writing with Google, your agreement with Google will always include, at a minimum, the terms and conditions set out in this document. These are referred to below as the 'Universal Terms'" (1.2).

A number of Google's services are available to all comers, without requiring the user to have an account and without having to login to the service. Currently, these comprise Google search facilities including sub-services such as Google Scholar and Google News, Google Maps and Streetview, and Google Books. Such users are, however, readily identifiable by the company by such means as cookies, their commonly-used IP-address and their browser-signature.

Most Google services, on the other hand, require the user to have an account and to login to it before using the service. Some important examples of such services are Gmail, Talk (Instant Messaging), Groups, Google+ (social networking, which replaced the failed Orkut and Buzz services), Picasa (photos), YouTube (videos) and Docs (documents). Google provides this list of current services, and Wikipedia maintains a more comprehensive list, including withdrawn services.

Android mobile phones effectively trap users into having a Google user account, so that their users yield up a vast amount of their personal data even if they were unaware when they acquired their phone that the operating system on it is a Google product.

Any use of Google Mobile, on any mobile device such as a smartphone or tablet, involves surrender to the company of your phone-number, device and SIM-IDs. In many circumstances you also surrender your location to Google, on an ongoing basis, thereby generating tracking data about your movements. This applies particularly if you use Google Latitude.

Having a Google user account involves accepting, without question, whatever Terms of Service and Privacy Policy the company chooses to impose, including all changes that the company chooses to make. For example, the company is free to declare that it can gather all personal data that comes from any location and that appears to relate to the user, and to consolidate that information, and to use it for any purposes that it wishes to, and to disclose it to any organisation that it wishes to. Although this might nominally be subject to any consumer protection or data protection laws that apply in whatever country the company provides the service from, Google has enjoyed freedom from effective enforcement actions by regulators in many countries.

Many of these services not only involve the gifting to Google of a great deal of personal data about the user, but also a great deal of personal data about other people. This data includes the fact that there is an association with that user, personal comments made in emails and in closed groups, contact-points stored in address-books, and statements, images, video and interactions in social networking contexts.

Currently, to open a Google account or to use it, "you may be required to provide information about yourself (such as identification or contact details)", which you agree "will always be accurate, correct and up to date" (Term 5.1). It is unclear what that Term means. It would appear to preclude pseudonyms, although that is ignored by many users, and it appears that Google currently neither searches for instances of breach, nor seeks to enforce the requirements of 'accuracy' and 'correctness'.

It appears that a person is permitted to open multiple accounts. But if each account has to include "accurate, correct and up to date ... identification and contact details", then the accounts are easily detectable by Google as belonging to the same person, and the personal data arising in respect of all such duplicate accounts is capable of being correlated.

There is evidence to suggest that it is already doing so. In addition, Google has already imposed a 'real names' policy in respect of the Google+ (social networking) service. It enforces that policy, and it has refused tens of thousands of registrations (many of them for completely unjustifiable reasons). It is reasonable to infer that Google will progressively extend that policy.

Google's Terms and Policies Prior to the Change

As noted in Clarke (2010b), the experience of studying Google's Terms of Service has long been bewildering, because of "the labyrinthine structure of the documents that express the Terms applicable to the services: the Google Gmail, Groups, Docs, Apps and specific Apps services are variously subject to base Terms in one document, additional Terms in another document, and a considerable number of add-on documents ...". It is understood that many businesses, government agencies and educational institutions that use Google services are subject to specific contracts and Terms of Service, rather than to the Terms and Policies considered here. That includes Google Apps (which is the 'enterprise' version of Docs).

Google previously, in late 2010, declared its intention to 'simplify' its privacy policies. The reduction in privacy safeguards that this would lead to was drawn to attention by US consumer groups at the time.

The following links provide access to some of the most significant of the scores of web-pages that contain Terms and Policies relevant to consumers, as at 27 January 2012:

The existing Terms relating to 'second-party risk' (i.e. 'what damage can Google itself do to its users?') were analysed in Clarke (2010a, 2010b). This research showed the Terms to be extraordinarily favourable to the company, and detrimental to consumers. For example, the company claims that:

In relation to most Google services, the powers that the company currently grants itself enables it to use and disclose the vast quantities of personal data that it gathers, in order "to display, distribute and promote the Services" (11.1). The term 'the Services' is defined as "Google’s products, software, services and web sites [but] excluding any services provided to you by Google under a separate written agreement" (1.1). Notable exceptions to this are:

There is a world of difference between the power to use and disclose the personal data that you provide when using a particular service in order to:

The Terms purport to provide Google with the capability to make any change, and to renege on any previous undertaking. This may, of course, be subject to over-riding laws in whatever jusrisdiction(s) the services are subject to – always assuming that those laws are actually enforceable, and are actually enforced. Many country's regulators, notably those of the USA and Australia, have proven to be far too respectful of Google Inc., and have failed to exercise their powers in order to protect consumers.

The Nature of the Changes

The changes were announced on 24 January 2012 here (mirror) and here (mirror) and explained here (mirror). They comprised new, consolidated Terms of Service (mirror) and a new, consolidated Privacy Policy (mirror). The company declared that they would take effect on 1 March 2012.

The existing sets of Terms of Service and Privacy Policies would cease to apply, and the new unified Terms of Service and Privacy Policy purport to apply thereafter. The document contemplates some Services having "additional" terms, but gives no indication as to which Services that applies to.

The new Terms purport to apply retrospectively to all existing personal data held by Google. This represents a renege on the undertakings previously given. It is likely to be in breach of consumer protection laws in a range of jurisdictions, particularly in Europe and Australia.

The new Terms purport to apply automatically to anyone who has a Google account on that date. The company claims that no act of consent is necessary. There is a previous undertaking to make information about changes to Terms and Policies available on the company's web-site. There is no undertaking to provide notice of the change to individual users (although it appears that some and perhaps all users have had notice sent to them).

No reconciliation was provided between the old and the new Terms and Policies.

It will require long, patient and careful analysis to understand the changes. Because no consultative process occurred, and no reconciliation was provided, this may not be completed before the date when the company has declared that the changes will take effect.

There appear to be particularly critical changes in the purpose that Google declares for personal data that people yield up to it when using its services:

  1. the data may now be used and disclosed by Google for "operating, promoting, and improving our Services". This was previously limited to "display, distribute and promote"
  2. the data may now be "used to develop new [Services]". This was not previously explicit
  3. the data may now be used forever, and you cannot withdraw your approval because it says "This license continues even if you stop using our Services". This was not previously explicit
  4. the Terms appear to apply to Google Docs and YouTube. Previously, personal data arising from those services was subject to far more restrictive Terms
  5. the Terms appear to apply even if there is a separate contract. This was previously subject to the clause "excluding any services provided to you by Google under a separate written agreement"

The User's Ability to Reject the New Terms

There is no choice, nor any form of opt-out. Google claims that all account-holders are subject to the Terms, in respect of all use ever made of any service.

Users may terminate their accounts, but it appears that this may not be simple. For example, current Term 13.2 says that you must notify Google "in writing, to Google’s address which is set out at the beginning of these Terms" [i.e. 1600 Amphitheatre Parkway, Mountain View, CA 94043]. The absence of an email-address or even a web-form means that you have to use the postal service. In addition, it may be that you have to take separate actions in respect of each service.

Termination removes the ability of the user to access the data. But it is highly unlikely to result in deletion of the data. Google long ago gave itself the right to retain your personal data after you terminate your account. Users granted Google rights to use and disclose their personal data for the provision of the services, and the data continues to be useful for that purpose. Moreover, Google claims that it can unliaterally change the Terms in any way it likes, e.g. to increase the purposes for which it may use and disclose the data, and it claims that those changes have retrospective effect on all of the personal data that they hold.

The Negative Privacy Impacts of the Changes

  1. All personal data gathered by Google, about all users, becomes available to Google for any purpose related to any of its services, e.g. Gmail communications can be applied not only to your own Gmail service but to other Gmail users and the Gmail service generally, and to both your Google+ service and other users' Google+ services and the Google+ service generally, and data arising from your use of Google+ can be applied to other people's Gmail, Docs, YouTube, etc. This applies to users who have no accounts, and to users that have accounts, and to data correlated between accounts, and between unidentified users and accounts
  2. All personal data gathered by Google is available for disclosure to any organisation for any purpose related to any of its services, and also for any purposes required or authorised by law. This applies to users who have no accounts, and to users that have accounts, and to data correlated between accounts, and between unidentified users and accounts
  3. This includes all personal data that was gathered by Google prior to 29 February 2011, about all users, and that was gathered under the pretence that it was only for a more restricted set of uses and disclosures, i.e. the change represents a renege on prior undertakings
  4. The personal data that has accumulated is unlikely to be deleted, even if the person terminates their account
  5. It appears that pseudonymous accounts are already precluded, and hence that where users have multiple accounts they are already subject to being correlated and the associated personal data consolidated. It appears likely that Google will enforce those conditions in the near future, because it requires 'real names' for all Google+ accounts.
  6. Enforced 'real names', combined with the retrospective application of changed Terms, and the permanent retention of all personal data, means that personal data that has hitherto been restricted to one context-of-use will be consolidated, and will be available to Google, its business partners, and any organisation that can otherwise gain access to it through search warrants, court orders and legislative authoritisations, including other business enterprises and government agencies, in any country that can achieve rapport with Google, or to whose jurisdiction Google is subject, or ever becomes subject
  7. Because no careful analysis has been published of the complete set of changes inherent in the replacement of scores of documents with two, there is a very strong likelihood that other serious problems will emerge, which may be intentional on Google's part, or accidental
  8. The massive pool of data represents the world's greatest personal-data 'honey-pot'. It will attract attention from business enterprises, governments and organised crime, throughout the world. Those organisations will invest a great deal of effort into commercial, legal and technical means of gaining access to portions of that data that offer them benefits
  9. Threats are created for all consumers and citizens, who will be subject to even more well-informed endeavours to manipulate their behaviour and their opinions
  10. Enormous threats are created for the many categories of persons-at-risk. These include VIPs, celebrities, notorieties, different-thinkers, dissidents, victims of domestic violence, people in sensitive occupations such as prison management and psychiatric health care. These people are in every country in the world, many of them with poor records in civil freedoms and in human rights. The only categories of people whose pseudonyms are supported by the state are protected witnesses, spies and undercover law enforcement and security operatives

In addition to the many serious public policy concerns about Google's present and proposed future Terms and Policies, aspects of them appear to be in breach of the laws of various countries, and of the FTC's order of March 2011 (e.g. ArsTechnica 28 January 2012). Members of Congress have also expressed concern (26 January 2012).

APF Policy Position

  1. Google does not have unfettered freedom:
  2. The regulatory and oversight agencies that are responsible for consumer protection and data protection, in all countries, must immediately:
  3. Google must be required to do the following:

References

APF (2004) 'Google GMail Service - Letter to Federal Privacy Commissioner' Australian Privacy Foundation, April 2004

APF (2008) 'APF Policy Statement re Google StreetView' Australian Privacy Foundation, April 2008

Clarke R. (2005) 'Evaluation of Google's Privacy Statement against the Privacy Statement Template of 19 December 2005' Xamax Consultancy Pty Ltd, December 2005

Clarke R. (2006) 'Google's Challenges to Privacy Law and Practice', section of 'Google's Gauntlets' Computer Law & Security Report 22, 4 (July-August 2006) 287-297

Clarke R. (2010a) 'Internet Users' Second-Party Exposure' Xamax Consultancy Pty Ltd, December 2010

Clarke R. (2010b) 'Internet Users' Second-Party Exposure – Detailed Analysis - 2: Google' Xamax Consultancy Pty Ltd, December 2010

PRC (2004) 'Thirty-One Privacy and Civil Liberties Organizations Urge Google to Suspend Gmail' Privacy Rights Clearing House, April 2004

Tsukayama H. (2012) 'FAQ: Google’s new privacy policy' The Washington Post, 25 January 2012

Kang C. (2012) 'Experts: Google privacy shift will have greater impact on Android users' The Washington Post, 26 January 2012


APF thanks its site-sponsor:     Hosted by GoWeb image This web-site is periodically mirrored by
the Australian National Library's Pandora Archive
Free PageRank Checker

Created: 25 January 2012 - Last Amended: 29 January 2012 by Name Name - Site Last Verified: 11 January 2009
© Australian Privacy Foundation Inc., 1998-2011  -   Mail to Webmaster
Site Map   -   This document is at http://www.privacy.org.au/Directory/Page.html  -   Privacy Policy