A Privacy Review: Google
I read Google's privacy policy for you
This is a follow up to How to Know if Your Data is Being Used Maliciously. If you enjoy this overview of a company privacy policy let me know with a like and I can make this a regular series.
Google is an excellent case study for privacy because they’re so closely scrutinized regarding data and have been heavily criticized in the past. I’m going to step through Google’s privacy policy to outline some details. I’ll try to add a little more detail about the policy from my experience as an employee.
Disclaimer: I’m not speaking for Google throughout this article, the opinions expressed are my own.
A quick review on how to protect your data
These are the question to know the answer to before letting a company handle your data:
What data does the company collect?
Does a company sell your data?
How does the company use your data?
Does the company give you control over your data?
Is your data stored safely?
Does the company handle data with respect to local laws?
Answering these six will let you answer the ultimate question: Can you trust this company with your data?
A Case Study: Google Ads
You can read Google’s privacy policy here. Quotes in the following sections are taken from there.
What data does Google collect?
Google collects personal identifiers, demographic information, commercial information, biometric information, internet and network information, location information, audio and visual information, communication data, health information, professional information, information users provide, and any information that can be inferenced from the above.
This means Google collects anything they can use to better their services. This means data you provide them and data that can be inferenced from your usage of their services. With the breadth of Google products, this can be particularly scary. That’s why it’s important to make sure this data is used properly.
Does Google sell user data?
Google does not sell your personal information. Google also does not “share” your personal information as that term is defined in the California Consumer Privacy Act (CCPA).
No. Google doesn’t sell data to other companies; however, this has been disputed by users with the recent acquisition of Google Domains by Squarespace. While the acquisition doesn’t violate Google’s privacy policy, does selling Google Domains user information to another company qualify as selling user data?
My opinion is no. Acquisitions are a part of business and Google has provided ample time for users to move data off their platform before the acquisition goes through. As a Google Domains customer, I’m unhappy with the acquisition but I don’t think this classifies as selling user data.
How does Google use your data?
Google uses data for providing their services, maintaining & improving their services, developing new services, providing personalized services (including content and ads), measuring service performance, communicating with you, and protecting Google, their users, and the public.
For some more concrete examples, data Google gathers allows them to provide these services:
Google maps
Pixel screen dimming
Battery saving features
YouTube video recommendations
Tailored search results
Relevant ad experiences
And many more.
Does Google give me control over my data?
You can export a copy of your information or delete it from your Google Account at any time.
If you go to your Google account and click “Manage your data & privacy”, you can see how your data is used and you’re even given the option to delete or export it. You can also use Google’s Privacy Checkup tool to set up automation that deletes your data for you.
Does Google store your data safely?
All Google products are built with strong security features that continuously protect your information.
The actual hardware and software used for data storage uses state-of-the-art security. Personal user data is especially restricted and anonymized wherever possible—this is something I’ve dealt with when building services as an employee.
Beside the actual physical security of your data, Google continues on to say:
We use encryption to keep your data private while in transit
We offer a range of security features, like Safe Browsing, Security Checkup, and 2 Step Verification to help you protect your account
We review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems
We restrict access to personal information to Google employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
Does Google handle data according to privacy laws?
We regularly review this Privacy Policy and make sure that we process your information in ways that comply with it.
Google regularly makes updates to their privacy policy to comply with regulation and updates services and data handling accordingly. Google also complies with legal frameworks for international data transfer and will always uphold data handling to their privacy policy standards regardless of what geographic location that data is stored.
As an employee, every time I’ve built a new service privacy laws have been at the forefront of the design process. I’ve also seen firsthand the amount of resources that go into updating services according to new privacy regulations.
Is Google trustworthy?
This is for you to decide.
What frightens most people about Google’s privacy policy is just the sheer amount of data Google collects. It lets them get a clear picture of anyone using their services. It also lets them tailor many incredibly convenient services to meet a specific user’s needs—a convenience nearly everyone using technology enjoys every day.
Some of the biggest complaints about Google’s data usage I’ve seen online are:
Tailoring ads to make users more apt to click them. The debate is: Does this enhance the user experience or just drive the user toward spending more money?
Google can track users across multiple platforms and services. This makes it difficult for non-tech savvy users to understand when Google is tracking their data.
The Google Buzz incident leaked private user information to their friends. Privacy incidents break user trust and Google is still working to earn that back after this information leak. This incident seems to be what catapulted a more serious look into privacy practices across Google and the rest of the industry that led to the privacy rules we have today. As an employee, this is often brought up as a reminder of how important proper privacy practices are. I’m grateful it isn’t just swept under the rug and forgotten; instead it’s something employees are meant to think about throughout their work.
Do you think Google can be trusted with your data?
Support me for pennies
100 of them to be exact. Support independent writing and let me know you enjoy my articles for just $1 a month.
Connect with me
I love writing, but I love conversing about these topics even more! Connect with me on LinkedIn, Twitter/X, and YouTube. And, of course, subscribe for more articles like this.
