Laundry List of Sins

By Lisa Vaas  |  Posted 2007-06-12 Print this article Print

"[Data brokers are] outside the scope of this study, or of publication, at this stage," Davies said. "Part of the reason is that brokers are in some senses a separate category. Were talking about an industry in its own rights, which should be dealt with in its own way. … Were concerned that there are countless companies proclaiming to protect privacy and that have privacy-friendly policies but which fail the grade. Were concerned about the deception that permeates the entire Internet. That was more our concern at this early stage. Im sure well deal with the brokers in due point." When asked why Googles privacy sins would stand out from those of other Internet giants such as eBay, Microsoft or AOL, for example, Davies pointed to Googles "lack of transparency … lack of accountability [and] lack of user control."
"These are areas where almost everybody falls short," he said.
In fact, he said, the dismal privacy rankings of other companies have largely escaped notice. Microsofts privacy policies, for example, are in "disarray," Davies said, given the companys "fragmented structure," which "makes application of privacy structures very difficult." "Thats an area that should attract vigorous attention. We understand … that ranking Google in black would be controversial, but we did expect there to be" more attention paid to the poor rankings of other companies, he said. Apple in particular gets a low privacy ranking, due in large part to its DRM efforts, he pointed out. PI ranked it red, for "substantial and comprehensive privacy threats." Some complaints about Apple from the PI report: "Kept quiet on the potential watermarking of DRM-free iTunes songs. … Sought to disclose the names of sources to bloggers stories. … Shares data with other companies to manage and enhance customer data. Collects clickstream data. Does not consider IP address as personal information. Also collect clickthrough data. Ministore collected list of music on home computers." Still, in comparison, Google got spanked. This is a partial list of what PI claims are the privacy sins Google is committing:
  • Google account holders that regularly use even a few of Googles services must accept that the company retains a large quantity of information about that user, often for an unstated or indefinite length of time, without clear limitation on subsequent use or disclosure, and without an opportunity to delete or withdraw personal data even if the user wishes to terminate the service.

  • Google maintains records of all search strings and the associated IP addresses and time stamps for at least 18 to 24 months and does not provide users with an expungement option. While it is true that many U.S.-based companies have not yet established a time frame for retention, there is a prevailing view amongst privacy experts that 18 to 24 months is unacceptable, and possibly unlawful in many parts of the world.

  • Google has access to additional personal information, including hobbies, employment, address and phone number, contained within user profiles in Orkut. Google often maintains these records even after a user has deleted his profile or removed information from Orkut.

  • Google collects all search results entered through Google Toolbar and identifies all Google Toolbar users with a unique cookie that allows Google to track the users Web movement. Google does not indicate how long the information collected through Google Toolbar is retained, nor does it offer users a data expungement option in connection with the service.

  • Google fails to follow generally accepted privacy practices such as the OECD Privacy Guidelines and elements of EU data protection law. As detailed in the EPIC complaint, Google also fails to adopt additional privacy provisions with respect to specific Google services.

  • Google logs search queries in a manner that makes them personally identifiable but fails to provide users with the ability to edit or otherwise expunge records of their previous searches.

  • Google fails to give users access to log information generated through their interaction with Google Maps, Google Video, Google Talk, Google Reader, Blogger and other services.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.

Lisa Vaas is News Editor/Operations for and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel