Announcement

March 8, 2012

Reply to Google regarding privacy policy changes

Following receipt of a letter from Google February 29, 2012, the Privacy Commissioner of Canada has sent a reply to the company requesting additional information related to recent changes to its privacy policy.

Specifically, it seeks further clarification on the potential linking of Google accounts and asks questions regarding deletion and retention.

March 1, 2012

Mr. Colin McKay
Manager, Global Public Policy
Google
340 Albert Street
Ottawa ON
K1R 7Y6

Dear Mr. McKay:

Thank you for your letter of February 29, 2012, which was in response to our letter dated February 23, 2012, regarding the company’s new privacy policy.

While I appreciated your prompt response to our letter, I am of the view that your reply did not fully address our concerns. Specifically, we had noted that the new policy contained less specificity regarding retention and disposal of personal information and had asked Google to more clearly explain its policies and practices in this regard. We also asked how you intended to address this issue. While you did provide an explanation of Google’s practices, you did not indicate whether Google was changing its retention policies nor did you define what the “reasonable period of time” (after which information is deleted at the user’s request) that you noted in your letter. Again, we strongly encourage you to be clear and specific in your policy in terms of your practices.

With respect to the issues we raised around linking, you clarified how individuals can use various tools to limit ads and tracking, as well as the means of setting up separate accounts to limit personalization. Your response does not, however, address our observation that this information should be included in Google’s new policy. Your response also does not clarify the apparent contradiction between setting up separate accounts as a strategy to prevent linking and the language in the policy that suggests some linking between accounts may occur. Again, we strongly encourage you to be clear in your policy, by adding further information for people who do want to limit the linking of their information by use of separate accounts. We would also ask that you address our outstanding concern regarding language in the policy that suggests a linking across accounts.

Lastly, with respect to Android users, we note the additional information you provided to clarify how the policy works with respect to these users. Specifically, you indicate that Android users can access nearly all of the device’s functionality without a Google account, for example, they can place calls, send text messages, browse the web, download applications, and so on. You note that, in addition to the Gmail application, users can use alternate email services on Android phones through the open-source Android email application, through the web browser, or through specific email client applications (such as Yahoo! or Hotmail).

You do note that some Google applications such as Android Market and Gmail require authentication with a Google account in order to provide the service. As an example, it explains that users must remain logged into an email client in order to receive their email in real time; otherwise, there is no means by which the client can retrieve messages from the server for the end user.

You also indicate that an Android user who is logged into his or her Google account can still control how Google uses his or her information, in a manner similar to a desktop. For example, it can access the search history functionality that exists on the desktop. The company states that the “mobile application automatically links to the web browser, where the user manages the search settings in exactly the same browser interface for mobile and desktop. In the browser, a user can turn search history on or off, edit queries, or delete the history entirely. Android users can also use the incognito mode in the browser to avoid the storage of any browsing history on their devices.”

I appreciate receiving this additional information. It appears that an Android user, to some degree, does have some options available to protect his or her privacy. However, it is possible that you might be overstating the impact of the user’s ability to delete search history (which applies to desktop users as well), including the ability to use incognito mode in the browser. None of these practices prevent the collection or retention of the search history by Google; it just means that there is no local record (on the phone or on the desktop computer) of the browsing.

However, I recognize that this is not unique to Google or to the mobile phone environment, and is an issue that has been flagged by privacy advocates for some time. Our recently issued Online Behavioural Advertising Guidelines concern the collection of personal information by means of tracking and call for individuals to be able to opt out of such tracking at or before the time of collection. They also call on information that is collected to be destroyed or effectively de-identified. I would encourage Google, and other Internet companies, to work towards improved practices in this regard.

As we indicated in our letter of February 23, we are aware that many authorities in other jurisdictions have raised a number of important questions and concerns with Google about the change to the privacy policy, most recently the CNIL. As you know, our Office is also a signatory to a letter from the Asia-Pacific Privacy Authorities, which has also raised the same concerns. We look forward to hearing more from the company on that front.

I would welcome Google’s action on the areas flagged above, and I look forward to your response on the outstanding issue regarding the linking of names across accounts.

Sincerely,

Original signed by

Jennifer Stoddart
Privacy Commissioner of Canada

c.c. The Information and Privacy Commissioners of Alberta, British Columbia and Quebec

Report a problem or mistake on this page
Please select all that apply (required): Error 1: This field is required.

Note

Date modified: