No, You Don’t Need To Fear The Google Privacy Changes: A Reality Check

Less than a month to go before Google’s new privacy policy changes happen. Microsoft is running an ad campaign encouraging switching to its services as safer or more private. The US Congress is still asking questions. Headlines have painted a worrisome picture. But Google’s users seem largely unconcerned. That’s no surprise. They probably shouldn’t be. […]

Chat with MarTechBot

Web Privacy and SecurityLess than a month to go before Google’s new privacy policy changes happen. Microsoft is running an ad campaign encouraging switching to its services as safer or more private. The US Congress is still asking questions. Headlines have painted a worrisome picture. But Google’s users seem largely unconcerned. That’s no surprise. They probably shouldn’t be.

There’s a big difference between a privacy policy that grants new rights and actually using those rights. That’s what I tried to explain in my first article about Google’s forthcoming changes.

There are good reasons why the mess that Google currently finds itself in, surrounded by FUD — fear, uncertainty and doubt — is something the company could have avoided. I covered that in my second article on the changes.

Now, it’s time to put the reality check front-and-center, for the potentially concerned customer out there.

Google’s Doing What Others Like Microsoft Do

Perhaps one of the most jaw-dropping things I saw in the wake of the new changes was the Washington Post’s initial story, with a big scary-sounding headline: Google announces privacy changes across products; users can’t opt out.

Ouch. Can’t opt-out. No way to stop the big G from doing whatever it wants to you. Bend over, and can I have another, sir?

The reality is much different. Yes, if you want to use a Google product or service that requires a Google Account — where you must log-in — then you can’t opt-out of Google’s overall privacy policy. Searching the web, watching YouTube videos — these are just some products where log-in isn’t required.

Still, count Google in among those crazy other companies that make you sign-up for a master privacy policy governing all their services that require logging in. You know, the way I believe Amazon, Yahoo and Microsoft all do.

Consider if you want to sign-up for Hotmail, Microsoft’s rival to Google’s Gmail:

Hotmail

That’s the sign-up screen for Hotmail. Note the arrows at the bottom. The first one points to text that says:

One Windows Live ID gets you into Hotmail, Messenger, Xbox LIVE—and other Microsoft services

In other words, you’re not just signing-up for Hotmail, a single product that will be isolated from all the other Microsoft products that use a Windows Live account. You’re signing-up for a Windows Live account, with a master privacy policy and terms that rule over your relationship with Microsoft.

Sharing Seems An Industry Practice

But wait! Google’s new privacy policy will allow it to share content between its various properties. That’s what’s so wacko about what’s going on, not that they have a master policy!

Yes, Google’s new policy will allow for this. That’s just like Microsoft’s does, as I explained yesterday. From the full master privacy policy governing Windows Live accounts:

In order to offer you a more consistent and personalized experience in your interactions with Microsoft, information collected through one Microsoft service may be combined with information obtained through other Microsoft services.

Microsoft is out today with a new blog post, this time slamming Google’s Gmail service, pushing the idea that if you don’t want cross-sharing to happen, your only options might be to:

  • Use separate browsers to segregate your communications, social, and video log-ins
  • Sign in and out of your accounts throughout the day to de-couple specific activities as needed.

Yet, the same Microsoft master privacy policy has this provision:

By signing in on one Microsoft site or service, you may be automatically signed into other Microsoft sites and services that use Windows Live ID.

What? I just wanted to check my email, and you signed me into Bing Videos! Is that so Microsoft can more easily combine my information between services, you know, all Google-style?

The Incredible Lightness Of Privacy Policies

Who knows. As I keep reading through these privacy policies at Google and Microsoft, aside from trying to stay awake and and trying to piece through the unfamiliar terms, I still come away with three main thoughts:

  • The don’t seem that different in general
  • They lack a “Bill of Rights” of what they will not do
  • They mean little without a corresponding comprehensive control panel allowing users to limit how data is collected or used

A Journey To Understand If Search “Remarketing” Is Happening

Here’s the new Google privacy policy. I’ll pick one simple question that I think many people would like to know.

Does the new policy allow Google to use my search history as a way to target ads to me as I surf the web? In other words, if I search for “mortgages” when logged-in on Google, can advertisers target me so that if I’m on non-Google web sites — but web sites that carry Google ads — I might see ads about mortgages?

The policy actually says it won’t do this, but you only know that if you understand a great deal about how Google works. It’s this section:

We will not combine DoubleClick cookie information with personally identifiable information unless we have your opt-in consent.

You have to understand that the DoubleClick cookie is something that Google says is used to do “interest-based” advertising that might allow for the search history targeting scenario that I’ve described above.

I know this, because when I asked Google about if the new policy allowed for this, it pointed me to that section to say that prevents it. Regular readers of the privacy policy get no such help.

Google’s existing ads policy is actually pretty detailed about the DoubleClick cookie, but all that detail seems to be disappearing as part of the move to have a simplier and supposedly easier-to-understand master policy.

So much for that.

The Journey Continues Into Non-Search Remarketing

Even the existing Google ad policy makes no mention of “remarketing.” Also called retargeting, this is how Google advertisers can already follow people around across the web with ads.

This isn’t done based on what you searched for. Rather, it’s a way for an advertiser who saw you come to their site to tag you with an anonymous cookie, so that the advertiser can start showing you their ads when you go to other sites in Google’s ad network. Others ad networks allow the same, including Microsoft, to my understanding.

A somewhat savvy consumer concerned about how their search history might be used perhaps will think “Hmm, is that remarketing?” and go to the privacy policy to see what’s covered. As I’ve said, that’s not mentioned, not in the old ad policy nor the new one.

What else might they do? Turning to the Google Dashboard for a button to disable remarketing isn’t much help. There’s nothing like this listed there. There is a section that lists my recent “web history” — which really means my search history — and a link that says “Remove items or clear Web History.”

Hunt For The Opt-Out

That link is actually a potential opt-out option. You know, an opt-out like the Washington Post told you that you can’t do? Because if I click on that link, I can actually turn off my web history (well, put it on pause) if it was enabled (not that the link tells you this). And if I pause it (and clear anything already gathered), all those worries about what Google might now be able to do with my past searches? Poof. I have no past searches.

But phew. That was exhausting. Shouldn’t there be an easier way for me to make sure I’m not having my searches linked to retargeting? Potentially, there is. You see, Google uses an industry-standard way to flag controls around its ads. Look here:

Ad

That’s a real ad, which I know was targeted to me, because I’ve recently been looking for Mac repair (seriously, Apple, two logic board failures on my son’s MacBook? I know it’s old, but two?). See the arrow pointing to that weird triangle icon. If you clicked on that, you’d get to this page, telling you that’s the AdChoices icon:

The AdChoices icon appears on sites that use Google’s AdSense program to show ads.

While Google often shows you ads based on the content of the page you are viewing, we also show some ads based on the types of websites you visit, view, or where you interact with an ad or other Google product supported by Google’s advertising services.

In doing this, Google doesn’t know your name or any other personal information about you. Google simply recognizes the number stored in your browser on the DoubleClick cookie, and shows ads related to the interest and inferred demographic categories associated with that cookie.

OMG, do you think some of that clear language perhaps could have been inserted into that new-fangled privacy policy that Google’s all excited about? And maybe, just maybe, something could have been inserted to say “and by the way, we don’t use your search history.” And maybe, just maybe, if I wanted to opt-out, the control wouldn’t require this journey:

Ad Choices Page

See that arrow? It’s pointing to the link you have to use to turn off personalized advertising. Big giant buttons to “Try AdSense” or “Try AdWords” and a little whisper, “or opt-out of personalized advertising.”

When you go to that page, you don’t even get the opt-out button. No, that’s still another click away:

Ad Preferences Page

By default, if you have a profile that’s been formed, you’re shown what Google believes you’re interested in as well as your assumed age and gender.

Side Note: What Google Clearly Doesn’t Know About You

People have been having good fun poking at Google about that, but it ought to be reassuring to anyone who fears the Google data monster. It shows that this is an anonymous profile not linked with your personal profile, where unless you outright lied, Google knows your real age and gender.

It also shows, by the way, exactly what many television networks would get wrong about you when you tune into a show. Believe me, with all the tampon ads I seem to get in association with my shows, I’m pretty sure there are advertisers who think I’m a woman.

There’s The Opt-Out!

But yes, if I click on that opt-out link, finally I can find a way to opt-out of that remarketing:

Opt Out

After all that, it’s worth noting that remarketing has nothing to do with Google’s privacy policy. Even if you never create a Google Account, and so never agree to the privacy policy, retargeting happens to you through anonymous cookies.

In the end, I went through a lot of effort to try and figure out if the privacy policy allowed one thing — the ability for me to have my search history used to target me with ads.

I found plenty of confusion and doubt just from Google’s own documents. Toss in an announcement by Google that there’s a privacy policy change about to happen, and that that makes it easy for the press and competitors to churn in a little fear factor.

Let’s Talk Privacy Controls

That’s been my frustration with all this, that you’d think Google would have known better. That you think they’d have learned from the lessons that Facebook learned in 2010 and figure out better overall privacy controls. Consider what I get over at Facebook:

Image001 2

That dashboard isn’t perfect. It does seem to have improved since I wrote my Drill (Down), Baby, Drill: Facebook’s New “Simple” Privacy Settings Still Pretty Complex story in 2010. Still, if you dare to drill down into specifics, it can be pretty overwhelming.

What Google needs is that type of privacy controls dashboard, only better. Microsoft seems to need one too, by the way. That’s because everything I just went through with Google above? I have to do the same thing with Microsoft (even though it does have a basic dashboard of its own, here).

Microsoft Takes You On A Journey, Too

With Microsoft, I have to:

There, I learn that Microsoft does seem to have the right to use my search history to target me with ads as I surf the web. Whether Microsoft actually does this, I can’t tell. But I can opt-out using a page similar to what Google has, or I can clear my search history at Microsoft similar to how I can do it at Google.

Do You Trust The Company, Not Its Privacy Policy

Let me come back to where I started. Should you fear the new Google privacy changes? For the record, Google says that the privacy policy is mainly changing to allow it to:

  • Potentially share what you do at YouTube with other Google products
  • Potentially use your search history with other Google products

If those absolutely freak you out, Microsoft stands-by ready to let you search and watch videos there. Of course, as best I can tell, Microsoft already has all the same rights that Google is now granting for itself.

That means, in the end, it’s more about whether you trust Google and Microsoft to begin with, rather than what their broadly-worded privacy policies seem to allow. So if you already trust Google to begin with, you’re probably fine.

Google’s Users Seem Relaxed

Certainly, Google’s existing users don’t seem to be concerned. Look here:

Google Support

Those are the most recent discussions happening in Google’s own support forums. There’s no explosion of concern about the privacy changes there. Do a search for privacy policy in the forums, and there are a handful of threads, by a few individuals. It is literally nothing out of the millions of users that Google has.

But The PR Stumble Is Real

That doesn’t mean this entire thing hasn’t been a big problem for Google. While its existing users will likely plod along more annoyed by all the privacy notices they’re getting rather than the changes, the broader tech and mainstream media space I’d say looks at the PR stumble here — on the heels of another PR stumble over Search Plus Your World — and loses a little faith.

That can inch into the mainstream of users, as I covered more in my Anti-Google Graffiti, Steve Martin Joke: Signs Perceptions Of Google Changing For Worse? story last week.

That’s a problem Microsoft is obviously trying to exploit — and hey, Microsoft does have a suite of products and services people may want to consider, not because they’re super-better on the privacy front (that’s debatable) but simply because they have good products as well.

For Google, the PR problem looks far, far worse than what I think is the case with its actual users. Those users, I suspect, either trust Google or simply don’t care. It’s another big company. What are you going to do?

Two Wishes: Bill Of Rights & Privacy Controls

I’ll end with two things I’d like to see emerge from all this:

  • A data privacy Bill of Rights from individuals companies that clearly spells out in plain language what won’t be done with our data
  • A centralized, easy-to-understand set of controls to limit how data can be collected and used

I’d like that from Google, Microsoft and any major company that collects data on individuals. You know, like those other nasty companies that members of the US Congress don’t seem to send letters to, credit card companies, credit bureaus and supermarkets with loyalty cards, to name some.

Related Articles


Opinions expressed in this article are those of the guest author and not necessarily MarTech. Staff authors are listed here.


About the author

Danny Sullivan
Contributor
Danny Sullivan was a journalist and analyst who covered the digital and search marketing space from 1996 through 2017. He was also a cofounder of Third Door Media, which publishes Search Engine Land, MarTech, and produces the SMX: Search Marketing Expo and MarTech events. He retired from journalism and Third Door Media in June 2017. You can learn more about him on his personal site & blog He can also be found on Facebook and Twitter.

Get the must-read newsletter for marketers.