Congress to Google: Explain Yourself Lawmakers Questions Google's New Privacy Policy
The leaders of a House panel sent a letter to Google Chief Executive Officer Larry Page demanding that he or a representative explain by Feb. 3 its new privacy policy to allow the Internet company to share data among its various cloud computing services such as Gmail, Picasa and YouTube.

Reps. Mary Bono Mack, R-Calif., and G.K. Butterfield, D-N.C., the chair and ranking member of the House Subcommittee on Commerce, Manufacturing and Trade, applauded Google for streamlining its privacy but expressed one reservation: "These changes might not otherwise be troubling but for one significant change to your terms of service: Google will not permit users to opt out of this information collection and sharing across platforms and devices."

See Also: More Threat Vectors, More Security & Compliance Challenges

Google last week announced significant changes to its privacy policy including the consolidation of more than 60 individual policies into a single umbrella privacy policy to take effect March 1 [see Google's Paying Clients Exempt from Privacy Policy?].

The subcommittee heads said they are particularly concerned with how a user's data would be collected, combined, archived and used across services. "While Google's announcement suggests the company gives users 'meaningful choices about how [user information] is used,' denying users an option to opt out of sharing their information across platforms or devices that they may otherwise strive to keep separate (e.g., work computer versus personal Android phone) appears to significantly reduce the spirit and substance of 'meaningful choice.'" Bono Mack and Butterfield write. "As Google's announcement also states, 'this stuff matters,' and we agree: it matters deeply to both policymakers and consumers."

Google Responds

In a letter to a number of lawmakers dated Jan. 30, Google explained that no Internet company exempts users from their privacy policies. "The relevant issue is whether users have choices about how their data is collected and used," wrote Pablo Chavez, Google director of public policy. "Google's privacy policy - like that of other companies - is a document that applies to all consumers using our products and services. However, we have built meaningful privacy controls into our products, and we are committed to continue offering those choices in the future."

The letter provides details on the evolution of Google's privacy policy and explains the thinking behind it.

Late last week, the co-chairs of the Congressional Bipartisan Privacy Caucus, Reps. Edward Markey, D-Mass., and Joe Barton, R-Texas, asked the Federal Trade commission whether Google's new privacy policy violates the company's agreement with the FTC that bars the company from future privacy misrepresentations that followed the launch of Google Buzz in 2010, an ill-fated social networking, microbloging and messaging tool.

And the two lawmakers joined six other House members asking Google to explain its new privacy policy. "Consumer should have the ability to opt-out of data collection when they are not comfortable with a company's terms of service and that the ability to exercise that choice should be simple and straightforward," a message from the eight lawmakers to Page said. That letter gives Google until Feb. 16 to answer 11 questions the House members asked about the privacy policy.

Sensitive to Congressional reaction, Google Policy Manager Betsy Masiello, in a blog, recognized the congressional concern, contending many misconceptions exist about the new privacy policy. "You still have choice and control," Masiello wrote. "You don't need to log in to use many of our services, including Search, Maps and YouTube. If you are logged in, you can still edit or turn off your search history, switch Gmail chat to 'off the record,' control the way Google tailors ads to your interests, use Incognito mode on Chrome, or use any of the other privacy tools we offer."

Masiello said Google isn't collecting more data about consumers and much of what is in the new privacy policy incorporates existing guidelines, adding: "We're making things simpler and we're trying to be upfront about it. Period."


About the Author

Eric Chabrow

Eric Chabrow

Executive Editor, GovInfoSecurity & InfoRiskToday

Chabrow, who oversees ISMG's GovInfoSecurity and InfoRiskToday, is a veteran multimedia journalist who has covered information technology, government and business. He's the former top editor at the award-winning business journal CIO Insight and a long-time editor and writer at InformationWeek.




Around the Network