Google Terms of Service states that “When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.”
Whoa! Sounds terrible right? I’m certainly not going to put my Great American Novel manuscript on Google Drive or my feature film trailer on YouTube! Hold on a sec, Google then qualifies that license you are giving them this way: “You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours.” OK that sounds good. “The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones.” OK that makes sense, in fact is probably essential for them to provide the service you want.
Whew! There is hope: “Some Services may offer you ways to access and remove content that has been provided to that Service. Also, in some of our Services, there are terms or settings that narrow the scope of our use of the content submitted in those Services.” Kind of vague, but maybe I guess I can live with that.
Whoopee! Looks like at least I have some control. “We do not share personal information with companies, organizations and individuals outside of Google unless… we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.” That actually sounds pretty fair.
Wait! And what is this? “Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.” That is definitely a mixed bag. I don’t want SPAM but I also don’t want my private personal e-mails read.
Well Hell! Maybe I’ll just quit using Google altogether! In that case we find some good news: “You can stop using our Services at any time, although we’ll be sorry to see you go.” That’s nice and they also say: “We believe that you own your data and preserving your access to such data is important.” OK. But what if they break up with me first? “Google may also stop providing Services to you, or add or create new limits to our Services at any time. If we discontinue a Service, where reasonably possible, we will give you reasonable advance notice and a chance to get information out of that Service.”
- What personal information is collected?
- How is the information collected?
- Why is the information collected?
- How is the information used?
- Who will have access to the information?
- What choices do you have?
- Can you review or correct personal information?
- What security measures are used to protect your personal information?
The reason you have to do all the work is that, unlike most of the rest of the world, the U.S. has primarily taken a “self-regulation” approach to privacy which In many ways has been an abject failure. This approach has been overlaid with a few sector based federal laws (financial services, e-mail spam, protection of children online, etc.) and a fragmented patchwork of state laws (data breach, policy disclosure, etc).
The top cop for protecting your privacy is the Federal Trade Commission (FTC), which sets policy and brings enforcement actions against advertising networks, information brokers, mobile app providers, online retails, search providers (Google), and social networks (Facebook). The FTC articulated Fair Information Practice Principles almost 40 years ago and in our modern age promotes a framework with 3 key practices: privacy by design, i.e. making privacy the default setting, giving consumers control by simplifying choice, and greater transparency by those entities that collect and use personal information. But without broad federal privacy legislation it is very possible we will see the End of Privacy. To see how close we are to that future already, take the ACLU (great, short, fun) privacy quiz that shows you how exposed your personal information really is.
To sum up I suggest you take the following 4 steps to protect your business and personal information.
Control your information. Only provide the minimum required information in any form or interaction. Configure your browser for “Do Not Track” and “Disable Cookies” where possible. Understand and set your privacy controls on every website and service you use. A good guide is here.
Control your devices. Treat your smartphone like the computer that it is and put the same level of controls on access. See my earlier blog post on Security for more.
Control your apps. Choose apps that have Terms of Service and Privacy Policies that you can live with. Also, watch out for the many add-on Apps that are provided by third party developers and might have different terms and policies than your primary Cloud App service provider. Don’t let mobile apps use location services without good cause.
Control your opt-outs. For your own personal information one of the best things you can do is to Opt-Out. The World Privacy Forum provides a guide on the top 10 Opt Outs. This is a fantastic list to allow you to be “let alone”, as Justice Brandeis termed it, both off-line and on-line. I highly recommend it.
Full disclosure, I wrote my Ph.D. dissertation on information privacy and how people’s attitudes and behaviors differ based on their generation. If you would like to know more you can access it here.