Google changes privacy policy

By EDRi · October 20, 2005

Google is offering more detailed information about how it collects and
uses personal data of internet users. Since 14 October Google has expanded
its privacy policy outlining more details but little change in substance.
Some key issues, such as how long personal data are kept, are not answered
by the new privacy policy.

The new privacy policy is ‘layered’ and consists of a easy readable short
version and a more comprehensive full version. Google has joined the US
safe harbour program in order to bring its data collection practices more
in line with EU data protection principles. According to the safe harbour
principles personal data can be accessed, corrected or removed by the
subject. But Google does put some serious limitations on those rights
saying that “extremely impractical” requests for removing will not be
honoured, “for instance, requests concerning information residing on
backup tapes”. The problem does also apply to e-mail messages in Gmail,
Googles web e-mail service: “Residual copies of deleted messages and
accounts may take up to 60 days to be deleted from our active servers and
may remain in our offline backup systems”.

Google will use personal information to display customized content and
advertising, develop new services and ensure that its network continues to
function. The practices aren’t new but weren’t explicit before. The policy
is also more explicit on data security stressing not only that employees
have access on a need-to-know basis but will also be fired or criminally
prosecuted for violations.

The biggest omission in the privacy policy is however that it doesn’t put
any limit on how long personal data are kept and how data are removed
after it has fulfilled its purpose. The policy can only be read in such a
way that Google keeps personal data forever.

In April 2004 Privacy International filed complaints about Google’s
proposed Gmail service with privacy and data protection regulators in 17
countries. The complaint identifies a large number of possible breaches of
EU law including the searching of email content and indefinite retention.
Gmail scans e-mail content to display custom advertisements.

Google Privacy Policy (14.10.2005)
http://www.google.com/privacypolicy.html

Gmail Privacy Notice (14.10.2005)
http://gmail.google.com/gmail/help/privacy.html

Privacy International complaint (19.04.2004)
http://www.privacyinternational.org/issues/internet/gmail-complaint.pdf

More on Gmail and privacy (15.07.2004)
http://mail.google.com/mail/help/intl/en/more.html

Google’s Privacy Policy In Layman’s Words (15.10.2005)
http://blog.outer-court.com/archive/2005-10-15-n31.html

(Contribution by Maurice Wessling, EDRI-member Bits of Freedom)