Our data bags are bleeding out

Adam S
3 min read · Oct 21, 2020

Google’s privacy policies must be relooked to avoid costly client data leakage

We at Google are getting bamboozled by third party developers and users alike. We’re losing out on data and we all know data is money. Third parties like Unroll.me, when they’re not getting us in trouble with the media, are making a killing on our clients’ data and they’ve been cutting us out. If anybody is to be scanning our Gmail accounts for Lyft receipts to sell to third parties, it should be us. Google’s product policy team needs to address this privacy concern head-on — we need a percentage of the cut.

The Good News: According to a survey by Pew Research Center, in response to the true/false statement: “When a company posts a privacy policy, it ensures that the company keeps confidential all the information it collects on users” some 52% of internet users believe — incorrectly — that this statement is true, and that privacy policies actually ensure the confidentiality of their personal information. This bodes well for us in that we can basically guarantee that over half of our clients are suckers.

The Bad News. We received a request from a Gmail user the other day with a question about their privacy policy. Apparently people are actually utilizing our Google Account Privacy Checkup tool from time to time. This was only intended to give the impression that we’re being sensitive to industry experts like that stingy Digital Content Next as we pretended to incorporate novel privacy security solutions such as closing Google’s passive data collection loopholes. In the same vein, our open research projects and security award programs are actually starting to create collective awareness and protection, so we should probably roll those back ASAP.

What To Do About Third Parties. We need to improve our third-party vetting processes to ensure we’re reducing the risk of them selling off our users’ information without us getting a slice of the action. It’s one thing if the users don’t know about it. It’s another if we don’t.

What To Do About Users. Without directly violating valuable regulatory compliance requirements, we should do our best to adhere to the 10 common issues associated with company-serving privacy policies: 1) write in legalese, 2) hide it, 3) don’t take compliance too literally, 4) don’t worry about matching data practices, 5) only ask for consent when the user realizes that they’re a product from which we farm and sell data in exchange for “free services”, 6) forget a clause here and there, 7) use massive blocks of static text, 8) let the data teams forget they exist, 9) prioritize content to streamline litigation later on, and 10) definitely have different policies for different users.

What Not To Do. The Slack Privacy Policy was recently updated to better support and inform their users by clarifying 1) what is happening with their data, 2) what data is required by law enforcement, and 3) the type of data being collected. I thought we were on the same team…

The last thing we want is people migrating over to HAT Microservers to improve their personal data security. With properly secured data, we basically don’t have a business. When in doubt, appeal to the average user’s short attention span and low sense of responsibility. In the end, most will just go ahead and eat the cookies we give them.
