Secret Internet story in Google's 4,000-word privacy policy
The late 1990s was a simple period for Google. The nascent company was just a search engine, and services such as Gmail, Android, and YouTube were, at best, a gleam in the eyes of startups. And the first privacy policy reflected this simplicity. She was brief and honest, sweet, old, kind artifact of other times of Silicon Valley, when Google explained in just 600 words how she collects and uses your personal information.
That Internet option (and Google) is no longer with us. Over the past 20 years, that same privacy policy has been rewritten into a bloated 4000-word document describing how the company treats your data.
This evolution, which has been going on for two decades and has known 30 options, is the story of the transformation of the Internet in the eyes of one of its most important entities. Today the web is terribly complex, and Google’s privacy policy is consistent with that.
Google’s privacy policy changes over time
1999-2004: no longer writes about users "in total"
In the first five years, Google’s privacy policy reflected the era before smartphones — a time when few user data was collected and users were always viewed “collectively, not as individuals.” This concise declaration is probably the most important part of Google’s first privacy policy:
1999
Google may share user information with advertisers, business partners, and other third parties. However, we always provide information about users in aggregate, and not about individuals. For example, we can disclose how often the average Google user visits Google, or what other words are most often found in queries containing the word Microsoft.
This straightforward paragraph is cited from Google’s second version of the privacy policy, released three months later.
Twenty years later, this statement demonstrates how far Google has gone from its roots, says James Ward, a lawyer specializing in data privacy and security laws. “In short, this statement claims that Google used the wrong business model that it uses now,” he said.
2005-2011: Google reveals more data for better ad targeting
In the late 2000s, Google has changed dramatically. The acquisitions of companies such as YouTube video hosting (2006) and the DoubleClick advertising network (2008) have passed. This coincided with the rise of desktop and banner advertising, as well as the mobile revolution, which opened up new ways of advertising and tracking. Google's privacy policy has evolved to reflect these changes in the industry.
According to Ward, at this time, Google’s policy shifted from “straightforward disclosure of rules to a more complex system.” Since Google kept increasing the amount of personal data on which it built the advertising model and its entire business, then, according to him, the company “moved from the model” we don’t transfer your data "to the model" we don’t sell your data "."
And now, how over the years has changed what the company collected.
What the company collects
| 1999 | 2019 |
|---|---|
| Total Search Activity
Your personal information Click Information Cookie | What you create or submit to Google
Your name Password Phone number Billing Information Content that you create, download or receive from other people when using our services If you use Google services for calls or messages Phone info Phone number Caller Number Call Receiver Number Call Forwarding Numbers Time and date of calls and messages Call duration Routing Information Call types Your activity Your searches The videos you watch Views and interactions with content and ads People you chat with or share content with Chrome browser history Activity on third-party sites and applications using our services Voice and audio information when using audio features Purchases Applications, browsers and device data Unique identifiers Browser Type and Settings Device Type and Settings operating system Mobile network information, including carrier name and phone number Application number IP address Software Failure Reports System activity Date, time, source URL of your request Open Source Data Data from partners Trusted Partners Marketing partners Security partners Advertisers Location data Based on GPS, IP address, device sensor data, WiFi access points, cell towers, Bluetooth devices From devices running Android with Google applications, it periodically collects: Device type Provider name Bug reports List of installed applications |
From the very beginning, Google’s business was built on advertising. Early privacy policies mentioned advertisers, but not targeted advertising. This changed in 2005 when Google first used the phrase "personalized content and advertising."
“Advertising Choice” was first mentioned in 2009, shortly after Google bought DoubleClick for $ 3.1 billion and built it into its marketing platform.
In June 2004, the following phrase appears:
If you have an account, we can share the information downloaded through this account between all our services in order to ensure their unhindered use and improve their quality.
Ward says that in 2004, people still believed in the honesty of such statements. But, according to him, “today it is clearly a signal of creating a comprehensive profile, and that every service you use will collect information for personalized advertising, even if you did not agree with this.” Ward claims that according to this policy you will be deemed to be consonant even without your knowledge of it.
2012-2017: business complexity requires policy complexity
Google’s status as an Internet giant has attracted more attention to the company. In August 2012, the company paid $ 22.5 million in fines by a decision of the US Federal Trade Commission for “misrepresenting assurances of confidentiality” regarding tracking cookies by people using Apple’s Safari browser.
In anticipation of the penalty, the “information we collect” section of Google’s privacy policy has been seriously edited.
| 2011 | 2012 |
|---|---|
| What information do we collect and how do we use it
We may need the following types of data: Information you provide - when registering a Google account, we ask you to provide certain personal information. We may combine the information that you provided when registering your account with the information received from Google services or third-party sources in order to improve the quality of our services. Some services allow you to refuse to combine this information. For more information about your account, please visit your Google Dashboard. If you use your Google Apps account when using Google Services, Google provides access to such services through or on behalf of your domain administrator. In this case, the administrator has access to your account information, including email. For more information, see the privacy policy of your domain administrator. Cookies - when you visit Google, we send one or more cookies to your computer or other device. Cookies are used to improve the quality of the services provided: save user settings, improve search results and ad selection, track user-specific trends, such as search features. Google also uses cookies in advertising services to help advertisers and publishers place advertisements and manage ads on sites across the Internet and on Google services. Information about visits - when accessing Google services through a browser, application or other client, our servers automatically record certain information. These server logs may contain information such as your web request, IP address, browser type and language, date and time of the request, and one or more cookies that can be used to determine your browser or account. Custom messages - when you send messages to Google (by email or otherwise), we can save these messages for processing requests, answering questions and further improving our services. When sending or receiving SMS, our text messaging services can collect and store the following information: phone number, name of the service provider, message content, date and time of transmission. Your e-mail address may be used to contact you regarding the work of our services. Google services on affiliate sites - some of the services we offer are linked to other sites. The personal information you provide to such sites may be transferred to Google to provide these services. We process this kind of information in accordance with this privacy policy. Third-party applications - Through Google services, third-party applications, such as gadgets or extensions, may be provided to users. The information that you provide when you turn on the gadget or when you launch the third-party application is processed by Google in accordance with this privacy policy. The developer of the gadget or application handles the information it collects in accordance with its own privacy policy. Location information - There are a number of location services available on Google, such as Google Maps and Latitude. When you use these services, Google may receive information about your location (for example, GPS signals from your mobile device) or information based on which you can calculate an approximate location (for example, mobile phone identifier). Unique application numbers - a unique application number that is not associated with information about you or your account is used by some services, for example, Google Toolbar. This number along with installation information (for example, the type and version of the operating system) can be sent to Google when installing or uninstalling the service while it is accessing our servers (for example, when requesting automatic software updates). Other sites - This privacy policy applies only to Google services. We do not control sites that appear in our search results, that use Google applications, products and services or that are linked to from our services. These sites may place their own cookies on your computer, collect data, or request personal information from you. | What information do we collect
We collect information that helps improve our services, from language settings to more complex things, such as ads that are interesting to a particular user or people on the Internet. We take information from two sources: Information from users To use many of our services, you must have a Google account. When you create it, we ask you for personal data, such as name, email address, phone number or credit card details. For those who want to use all the sharing features, we also ask you to create a public Google profile where you can enter your name and add a photo. Of the services you work with. We collect data on how and what services you use. This happens when you, for example, visit websites advertised in AdWords or AdMob, or view and interact with our ads or content. This data includes the following: Device Information We collect device data, such as model, operating system version, unique device identifiers, as well as data on the mobile network and phone number. In addition, a device ID or phone number can be linked to your Google account. Log Information When you use our services or view content provided through Google, some of your actions may be automatically saved in server logs. The following information is recorded: Details of using services, including search queries data on phone calls, including phone numbers for incoming, outgoing and forwarded calls, date, time, type and duration of calls, as well as information about the SMS route; IP addresses data on hardware events, including crashes and actions in the system, as well as settings, type and language of the browser, date and time of the request, and referral URL; Cookies that are unique identifiers for your browser or Google account. Location information At Google’s geographic features, we collect and process data about your actual location, including GPS data sent by your mobile device. We also use various technologies for determining coordinates, for example, we polish device sensors for information about the nearest Wi-Fi access points and cell towers. Unique application numbers Some services use unique program identifiers. They, along with information about the application (for example, version number or type of operating system) can be sent to Google when installing or uninstalling the service, as well as during automatic communication sessions with servers (when downloading updates, etc.). Local storage We collect and store data (including personal data) on your user devices using tools such as browser web storage (including HTML5) and data cache used by applications. Cookies and anonymous identifiers In order to receive and record data about how Google services are used, we use various technologies. Some of them send data to the user device: one or more cookies or anonymous identifiers. This data is also necessary in cases where the user interacts with the services for our partners. These may be AdWords, AdMob, or Google’s features hosted on third-party websites. |
In the March 2012 edition of the privacy policy, Google settled on an edited version of what information it shares:
We may provide information about you to companies, organizations or individuals not affiliated with Google if you have consented to this. We request your consent for the disclosure of special categories of personal data.
On the same day, Google rewrote the terms of use for the first time since 2007, editing the document from 20 points, making it shorter, but greatly expanding the definitions. One change regarding the downloaded content gives the company particularly wide privileges in using this content at its discretion:
By uploading or otherwise adding materials to our Services, you grant Google and its partners a worldwide license that allows us to use this content, post it, store, reproduce, modify, create derivative works based on it (for example, translations, adaptations and other ways of optimizing materials), share it, publish it, openly reproduce, display, and also distribute it.
The terms of use mention that “all intellectual property rights in respect of these materials remain with their owner. Simply put, everything that was yours will remain so. ” But, according to Ward, this revision of the terms, especially the phrase “uploading or otherwise adding content,” was a very meaningful change to what Google considers user-generated content.
“Your search queries, keystrokes, voice fingerprint and face in the Google Chat video chat, letters you sent via Gmail are all parts of the content you uploaded to their services,” he said. “That's exactly how we all“ agreed ”with this, having no idea that we did it.”
2018 - today: current policies are changing to comply with more stringent laws
The largest modern improvement in Google’s policy occurred in May 2018, in response to the European General Data Protection Regulation , or GDPR. According to Sam Heft-Lufti, Product Manager for Google’s Privacy Policy, a policy change that took writers, designers, researchers and lawyers a whole year was not just a change in legal language, but a “complete product update” so that it “better describes what it’s going to we have information and explained the rights of users. "
Heft-Lufti said that although the policy was rewritten for clarity, it did not change what Google does with user data. “We have not expanded Google’s rights or permissions,” he said.
He also noted that the biggest changes in politics focused on making navigation easier. And although it still resembles a maze, in many sections now there are explanatory videos and color illustrations in the form of logos and images.
The policy added nine references to the fact that users can export their data, and several sections explaining how to delete their data - most likely, under the pressure of the GDPR rules, which give users more rights to own and manage their data.
Before and after GDPR
In 2019, the digital economy is vast, and echoes technology, companies, advertisers, and billions of people dumping data every second. Google collects most of this information to help shape world-changing products, as well as fuel its money-printing ad machine.
PS: after the appearance of this article from the New York Times on the Hacker News website, one of his readers noted that the privacy policy of the newspaper itself consists of more than 5,000 words, and contains almost everything the same, for which the newspaper scolds Google, and a little more than that. It turns out, for example, that the New York Times reserves the right to sell (they call it "rent out") the name and mailing address of readers to advertisers.
All Articles