Google’s first-ever privacy director, Alma Whitten, is retiring in June and will leave the post she has filled since October 2010, when the job was created.
Whitten will be replaced by Lawrence You as the new director of privacy for product and engineering at Google, according to the company. Whitten was appointed as privacy director after several privacy missteps that proved embarrassing to Google. Whitten had already been working for Google when she was selected for the post.
“During her 10 years at Google, Alma has done so much to improve our products and protect our users,” a spokesperson told eWEEK in an email. “The privacy and security teams, and everyone else at Google, will continue this hard work to ensure that our users’ data is kept safe and secure.”
You has worked for Google for eight years and is a founding member of the company’s privacy program, according to the company. He will report to Eric Grosse, vice president of security and privacy engineering.
The top privacy job at Google gets a lot of attention because the company is often in the headlines concerning user privacy matters. Privacy issues surrounding Google and its use of consumer data have been on the minds of regulators in Europe and the United States for some time.
In January 2012, Google announced major changes to its data privacy policies, which folded 60 of its 70 previously separate product privacy policies under one blanket policy and broke down the identity barriers between some of its services to accommodate its then-new Google+ social network, according to an earlier eWEEK report. Google’s streamlining came as regulators continued to criticize Google, Facebook and other Web service providers for offering long-winded and legally gnarled privacy protocols. The Google privacy policy changes went into effect in March 2012.
The biggest change that was enacted concerned Google’s user accounts. When users are signed in, Google may combine identity information users provided from one service with information from other services. The goal is to treat each user as one individual across all Google products, such as Gmail, Google Docs, YouTube and other Web services.
Google claims this will lead to a simpler user experience, but it will also make it impossible for users to opt out of having their identities applied to dozens of Websites they might not have agreed to use.
Whitten, who led the policy changes at that time, defended them as being helpful and beneficial for users. Critics, however, panned the changes as potentially reducing their protections and options in selecting their own privacy options.
Last month, Google paid a $7 million fine to the U.S. government to end a probe into Google’s Street View imaging program, which for three years collected personal information on users wirelessly as the Street View vehicles drove around taking photographs.
The Street View program came under scrutiny both in the United States and in Europe after it was learned that the information was being gathered between 2007 and 2010, according to an earlier eWEEK report. The information included personal data such as passwords, emails, text messages, users’ Internet usage histories, as well as other WiFi information. According to a 2012 report from the U.S. Federal Communications Commission, the Street View vehicles had collected more than 200GB of such payload data.
Google officials, after initially denying that payload data had been collected, maintained that the data on the WiFi networks was being used to help Google create better location-based services. They later admitted that the Street View cars had collected such personal information, and laid the blame at the feet of a rogue engineer whom they said put that capability into the software on his own accord.
Meanwhile, a huge Google privacy case continues in Europe, where Google faces a potential $1 billion fine for alleged shortcomings in its data privacy policies under new laws being finalized in the European Union.
The new rules will allow European nations, which have stricter data privacy rules than the United States, to force companies like Google to adhere to those tougher rules or face fines. Under the new European laws, one government entity in the EU could represent all the EU nations in a claim against Google or another company that doesn’t comply with European data privacy laws.
Google’s privacy policies have been particularly criticized in Europe. In October 2012, the EU issued a report saying that Google wasn’t being clear enough about how it uses consumer data that it collects.