No, You Don’t Need To Fear The Google Privacy Changes: A Reality Check

Web Privacy and SecurityLess than a month to go before Google’s new privacy policy changes happen. Microsoft is running an ad campaign encouraging switching to its services as safer or more private. The US Congress is still asking questions. Headlines have painted a worrisome picture. But Google’s users seem largely unconcerned. That’s no surprise. They probably shouldn’t be.

There’s a big difference between a privacy policy that grants new rights and actually using those rights. That’s what I tried to explain in my first article about Google’s forthcoming changes.

There are good reasons why the mess that Google currently finds itself in, surrounded by FUD — fear, uncertainty and doubt — is something the company could have avoided. I covered that in my second article on the changes.

Now, it’s time to put the reality check front-and-center, for the potentially concerned customer out there.

Google’s Doing What Others Like Microsoft Do

Perhaps one of the most jaw-dropping things I saw in the wake of the new changes was the Washington Post’s initial story, with a big scary-sounding headline: Google announces privacy changes across products; users can’t opt out.

Ouch. Can’t opt-out. No way to stop the big G from doing whatever it wants to you. Bend over, and can I have another, sir?

The reality is much different. Yes, if you want to use a Google product or service that requires a Google Account — where you must log-in — then you can’t opt-out of Google’s overall privacy policy. Searching the web, watching YouTube videos — these are just some products where log-in isn’t required.

Still, count Google in among those crazy other companies that make you sign-up for a master privacy policy governing all their services that require logging in. You know, the way I believe Amazon, Yahoo and Microsoft all do.

Consider if you want to sign-up for Hotmail, Microsoft’s rival to Google’s Gmail:

That’s the sign-up screen for Hotmail. Note the arrows at the bottom. The first one points to text that says:

One Windows Live ID gets you into Hotmail, Messenger, Xbox LIVE—and other Microsoft services

In other words, you’re not just signing-up for Hotmail, a single product that will be isolated from all the other Microsoft products that use a Windows Live account. You’re signing-up for a Windows Live account, with a master privacy policy and terms that rule over your relationship with Microsoft.

Sharing Seems An Industry Practice

But wait! Google’s new privacy policy will allow it to share content between its various properties. That’s what’s so wacko about what’s going on, not that they have a master policy!

Yes, Google’s new policy will allow for this. That’s just like Microsoft’s does, as I explained yesterday. From the full master privacy policy governing Windows Live accounts:

In order to offer you a more consistent and personalized experience in your interactions with Microsoft, information collected through one Microsoft service may be combined with information obtained through other Microsoft services.

Microsoft is out today with a new blog post, this time slamming Google’s Gmail service, pushing the idea that if you don’t want cross-sharing to happen, your only options might be to:

  • Use separate browsers to segregate your communications, social, and video log-ins
  • Sign in and out of your accounts throughout the day to de-couple specific activities as needed.

Yet, the same Microsoft master privacy policy has this provision:

By signing in on one Microsoft site or service, you may be automatically signed into other Microsoft sites and services that use Windows Live ID.

What? I just wanted to check my email, and you signed me into Bing Videos! Is that so Microsoft can more easily combine my information between services, you know, all Google-style?

The Incredible Lightness Of Privacy Policies

Who knows. As I keep reading through these privacy policies at Google and Microsoft, aside from trying to stay awake and and trying to piece through the unfamiliar terms, I still come away with three main thoughts:

  • The don’t seem that different in general
  • They lack a “Bill of Rights” of what they will not do
  • They mean little without a corresponding comprehensive control panel allowing users to limit how data is collected or used

A Journey To Understand If Search “Remarketing” Is Happening

Here’s the new Google privacy policy. I’ll pick one simple question that I think many people would like to know.

Does the new policy allow Google to use my search history as a way to target ads to me as I surf the web? In other words, if I search for “mortgages” when logged-in on Google, can advertisers target me so that if I’m on non-Google web sites — but web sites that carry Google ads — I might see ads about mortgages?

The policy actually says it won’t do this, but you only know that if you understand a great deal about how Google works. It’s this section:

We will not combine DoubleClick cookie information with personally identifiable information unless we have your opt-in consent.

You have to understand that the DoubleClick cookie is something that Google says is used to do “interest-based” advertising that might allow for the search history targeting scenario that I’ve described above.

I know this, because when I asked Google about if the new policy allowed for this, it pointed me to that section to say that prevents it. Regular readers of the privacy policy get no such help.

Google’s existing ads policy is actually pretty detailed about the DoubleClick cookie, but all that detail seems to be disappearing as part of the move to have a simplier and supposedly easier-to-understand master policy.

So much for that.

The Journey Continues Into Non-Search Remarketing

Even the existing Google ad policy makes no mention of “remarketing.” Also called retargeting, this is how Google advertisers can already follow people around across the web with ads.

This isn’t done based on what you searched for. Rather, it’s a way for an advertiser who saw you come to their site to tag you with an anonymous cookie, so that the advertiser can start showing you their ads when you go to other sites in Google’s ad network. Others ad networks allow the same, including Microsoft, to my understanding.

A somewhat savvy consumer concerned about how their search history might be used perhaps will think “Hmm, is that remarketing?” and go to the privacy policy to see what’s covered. As I’ve said, that’s not mentioned, not in the old ad policy nor the new one.

What else might they do? Turning to the Google Dashboard for a button to disable remarketing isn’t much help. There’s nothing like this listed there. There is a section that lists my recent “web history” — which really means my search history — and a link that says “Remove items or clear Web History.”

Hunt For The Opt-Out

That link is actually a potential opt-out option. You know, an opt-out like the Washington Post told you that you can’t do? Because if I click on that link, I can actually turn off my web history (well, put it on pause) if it was enabled (not that the link tells you this). And if I pause it (and clear anything already gathered), all those worries about what Google might now be able to do with my past searches? Poof. I have no past searches.

But phew. That was exhausting. Shouldn’t there be an easier way for me to make sure I’m not having my searches linked to retargeting? Potentially, there is. You see, Google uses an industry-standard way to flag controls around its ads. Look here:

That’s a real ad, which I know was targeted to me, because I’ve recently been looking for Mac repair (seriously, Apple, two logic board failures on my son’s MacBook? I know it’s old, but two?). See the arrow pointing to that weird triangle icon. If you clicked on that, you’d get to this page, telling you that’s the AdChoices icon:

The AdChoices icon appears on sites that use Google’s AdSense program to show ads.

While Google often shows you ads based on the content of the page you are viewing, we also show some ads based on the types of websites you visit, view, or where you interact with an ad or other Google product supported by Google’s advertising services.

In doing this, Google doesn’t know your name or any other personal information about you. Google simply recognizes the number stored in your browser on the DoubleClick cookie, and shows ads related to the interest and inferred demographic categories associated with that cookie.

OMG, do you think some of that clear language perhaps could have been inserted into that new-fangled privacy policy that Google’s all excited about? And maybe, just maybe, something could have been inserted to say “and by the way, we don’t use your search history.” And maybe, just maybe, if I wanted to opt-out, the control wouldn’t require this journey:

See that arrow? It’s pointing to the link you have to use to turn off personalized advertising. Big giant buttons to “Try AdSense” or “Try AdWords” and a little whisper, “or opt-out of personalized advertising.”

When you go to that page, you don’t even get the opt-out button. No, that’s still another click away:

By default, if you have a profile that’s been formed, you’re shown what Google believes you’re interested in as well as your assumed age and gender.

Side Note: What Google Clearly Doesn’t Know About You

People have been having good fun poking at Google about that, but it ought to be reassuring to anyone who fears the Google data monster. It shows that this is an anonymous profile not linked with your personal profile, where unless you outright lied, Google knows your real age and gender.

It also shows, by the way, exactly what many television networks would get wrong about you when you tune into a show. Believe me, with all the tampon ads I seem to get in association with my shows, I’m pretty sure there are advertisers who think I’m a woman.

There’s The Opt-Out!

But yes, if I click on that opt-out link, finally I can find a way to opt-out of that remarketing:

After all that, it’s worth noting that remarketing has nothing to do with Google’s privacy policy. Even if you never create a Google Account, and so never agree to the privacy policy, retargeting happens to you through anonymous cookies.

In the end, I went through a lot of effort to try and figure out if the privacy policy allowed one thing — the ability for me to have my search history used to target me with ads.

I found plenty of confusion and doubt just from Google’s own documents. Toss in an announcement by Google that there’s a privacy policy change about to happen, and that that makes it easy for the press and competitors to churn in a little fear factor.

Let’s Talk Privacy Controls

That’s been my frustration with all this, that you’d think Google would have known better. That you think they’d have learned from the lessons that Facebook learned in 2010 and figure out better overall privacy controls. Consider what I get over at Facebook:

That dashboard isn’t perfect. It does seem to have improved since I wrote my Drill (Down), Baby, Drill: Facebook’s New “Simple” Privacy Settings Still Pretty Complex story in 2010. Still, if you dare to drill down into specifics, it can be pretty overwhelming.

What Google needs is that type of privacy controls dashboard, only better. Microsoft seems to need one too, by the way. That’s because everything I just went through with Google above? I have to do the same thing with Microsoft (even though it does have a basic dashboard of its own, here).

Microsoft Takes You On A Journey, Too

With Microsoft, I have to:

There, I learn that Microsoft does seem to have the right to use my search history to target me with ads as I surf the web. Whether Microsoft actually does this, I can’t tell. But I can opt-out using a page similar to what Google has, or I can clear my search history at Microsoft similar to how I can do it at Google.

Do You Trust The Company, Not Its Privacy Policy

Let me come back to where I started. Should you fear the new Google privacy changes? For the record, Google says that the privacy policy is mainly changing to allow it to:

  • Potentially share what you do at YouTube with other Google products
  • Potentially use your search history with other Google products

If those absolutely freak you out, Microsoft stands-by ready to let you search and watch videos there. Of course, as best I can tell, Microsoft already has all the same rights that Google is now granting for itself.

That means, in the end, it’s more about whether you trust Google and Microsoft to begin with, rather than what their broadly-worded privacy policies seem to allow. So if you already trust Google to begin with, you’re probably fine.

Google’s Users Seem Relaxed

Certainly, Google’s existing users don’t seem to be concerned. Look here:

Those are the most recent discussions happening in Google’s own support forums. There’s no explosion of concern about the privacy changes there. Do a search for privacy policy in the forums, and there are a handful of threads, by a few individuals. It is literally nothing out of the millions of users that Google has.

But The PR Stumble Is Real

That doesn’t mean this entire thing hasn’t been a big problem for Google. While its existing users will likely plod along more annoyed by all the privacy notices they’re getting rather than the changes, the broader tech and mainstream media space I’d say looks at the PR stumble here — on the heels of another PR stumble over Search Plus Your World — and loses a little faith.

That can inch into the mainstream of users, as I covered more in my Anti-Google Graffiti, Steve Martin Joke: Signs Perceptions Of Google Changing For Worse? story last week.

That’s a problem Microsoft is obviously trying to exploit — and hey, Microsoft does have a suite of products and services people may want to consider, not because they’re super-better on the privacy front (that’s debatable) but simply because they have good products as well.

For Google, the PR problem looks far, far worse than what I think is the case with its actual users. Those users, I suspect, either trust Google or simply don’t care. It’s another big company. What are you going to do?

Two Wishes: Bill Of Rights & Privacy Controls

I’ll end with two things I’d like to see emerge from all this:

  • A data privacy Bill of Rights from individuals companies that clearly spells out in plain language what won’t be done with our data
  • A centralized, easy-to-understand set of controls to limit how data can be collected and used

I’d like that from Google, Microsoft and any major company that collects data on individuals. You know, like those other nasty companies that members of the US Congress don’t seem to send letters to, credit card companies, credit bureaus and supermarkets with loyalty cards, to name some.

Related Articles

Related Topics: Channel: Consumer | Features & Analysis | Google: Privacy | Legal: Privacy | Microsoft: Privacy | Top News


About The Author: is Founding Editor of Marketing Land. He’s a widely cited authority on search marketing and internet marketing issues, who has covered the space since 1996. Danny also serves as Chief Content Officer for Third Door Media, which publishes Search Engine Land and produces the SMX: Search Marketing Expo conference series. He has a personal blog called Daggle (and keeps his disclosures page there). He can be found on Facebook, Google + and microblogs on Twitter as @dannysullivan.

Connect with the author via: Email | Twitter | Google+ | LinkedIn

Marketing Day:

Get the top marketing stories daily!  


Other ways to share:

Read before commenting! We welcome constructive comments and allow any that meet our common sense criteria. This means being respectful and polite to others. It means providing helpful information that contributes to a story or discussion. It means leaving links only that substantially add further to a discussion. Comments using foul language, being disrespectful to others or otherwise violating what we believe are common sense standards of discussion will be deleted. You can read more about our comments policy here.
  • Andrew Davis

    Thanks for taking the time to put these unnecessary fears about privacy to rest, Danny. It’s something that should be talked about and your idea of a data privacy Bill of Rights is a good one. The bottom line is, more and more online users are becoming interested in this notion of Internet privacy, whether because of Google+’s recent changes, an experience with a potential employer who saw a drunk picture on Facebook, or a Weiner being posted on Twitter. 

    Since much of our lives are now transposed online it’s critical to understand what’s reasonable and what’s not in Internet privacy, and how we should protect ours. You put a lot of work into this post, one of my favorites. Keep holding the lantern high. 

  • @steveplunkett

    Curious, how long does it take you to write an article that detailed and that detailed?

    thanks for a very informative read. =)

  • phillip clearly

    I think that the most troubling aspect of privacy with Google is the including of email as part of the ‘profiling’ … even if it is supposedly only read by computers, there is a sense that Gmail is not ‘private’ or ‘confidential’. This is not the case with either Live or Hotmail. If that is taken out of the equation, Google and Microsoft can be viewed on the same footing.

  • Danny Sullivan

    This took about 2 1/2 hours, thought I was thinking about some aspects of it yesterday, and it drew on research from my previous articles. If I hadn’t already explored some of this stuff, it probably would have been about 5-7 hours. And glad you liked it.

  • Anonymous

    I think the article raise a lot of good points. An it certainly shows that Google still got a lot of work still to do to tidy up its services and settings areas. Whether they will carry out any more work in this area is anyone guest. 

    Google did seem to hint that the new privacy policy was just the beginning and not the end of the changes.

    I am not sure your PR argument is fair. It seem to me that a lot of the media just wants to catch Google in the act of doing something truly evil, something that cant be justified as a few rogue employees or a honest mistake. The media will pursue Google until they get the story they want or get bored an move onto pursuing another company. Think of the News of the World hacking story, large parts of the media would not let go of it until they got NOW to admit everything and force News corp into shutting down the paper.

    Plus many in the media blame Google for falling profits so they have plenty of motives to attack Google at every opportunity.

    Some journalist have actively admitted such, Charles over at the Guardian for example, he seem to get more desperate with each anti Google article he writes. Over at Forbes you got journalist mentioning anti trust issues at end of articles, for no reason, the article was about Google UI, the author responded to me when I bought it up in the comment section by saying that “It was just a cheap shot at Google. They can take their lumps.”. Here the article;

    I think Google could have done everything your article suggest. Google could have provided an easy to use, simple to understand settings. They could have produce a privacy policy with nice videos explaining exactly what every section means and the media an bloggers would still have attack them, because they want they are so desperate to write negative stories about Google, congress would still have written that letter as pay back for the beaten Google gave them over SOPA, which probably lost them a lot of campaign contributions and future job offers with multi million dollars salaries for doing a few hours of work per week.

    Plus how many of these bloggers and so called jouralists have been paid by Microsoft and Facebook to write these negative stories. Facebook was caught in the act last year paying people to write negative stories about Google and they were only expose because the journalist refuse to the money.

  • Anonymous

    Except for Microsoft Spam filters to fully work there would have to be some customisation going for each users. Microsoft own documentation about its spam technology says its computers read the contents of the email to identify Spam. 
    But the definition of Spam would be slightly different to each individual user.  

  • Birs Gonzo

    very nice post

  • caesar castro

    Thanks a lot for a very vivid explanation of this Google’s privacy policy. Now it’s much more lighter to take. Before it gives me an impression that Google wants to game fix ad dominance. It seems that Google is really picking-up the pieces together of its fragmented services. And perhaps this is one way of doing this.

  • Makho Kituashvili
  • Anonymous

    Yea I think Google competitors (I am looking at you Microsoft) saw the chance with these SPYW that raised by Danny as “unfair” (still open for debate) called their PR agents and started disseminating unbalanced view about it.

  • Nabil Al-Kourainy

    Excellent article. Facebook has had similar charges waged against it, and it looks like will continue to do so.

  • grantdb

    Great post thanks! I would like to point out some info that I found recently:

    “Note that disabling Web History in your Google account will not prevent Google from gathering and storing this information and using it for internal purposes. It also does not change the fact that any information gathered and stored by Google could be sought by law enforcement.
    With Web History enabled, Google will keep these records indefinitely; with it disabled, they will be partially anonymized after 18 months, and certain kinds of uses, including sending you customized search results, will be prevented.”

  • Kyle Polansky

    I like your idea of the Bill of Rights, however there is a problem with that. In real life, you have freedoms allowing you to do stuff, not preventing you from it. Even if you do have the right to silence, you still have the power to talk, although it would be a stupid idea.

    What I’m trying to get at, is what happens if a hacker somehow bypassed the countless security measures that Google has in place? This would break it’s “Bill of Rights”, and Google would be penalized on top of the original problem. There would then be a battle for the “real” bad guy, either Google who didn’t have enough security, or the hacker that caused the entire problem in the first place.

    Legal documents are also really hard to make. If Google wants to make a new product, they can just use the same terms without having to make some new document that hardly anyone reads. They also want to make sure there aren’t any parts of the document that someone could find a hole in.

    Lets also remember that Google is letting their users know before the switch to the new terms. The like was visible on many different Google services I used, and stayed there until I dismissed it. However, I also use a handful of Microsoft Services, and I couldn’t tell you when the last privacy change was. It appears to be in August last year, but I don’t remember getting an e-mail or anything about it.

Get Our News, Everywhere!

Daily Email:

Follow Marketing Land on Twitter @marketingland Like Marketing Land on Facebook Follow Marketing Land on Google+ Subscribe to Our Feed! Join our LinkedIn Group Check out our Tumblr! See us on Pinterest


Click to watch SMX conference video

Join us at one of our SMX or MarTech events:

United States


Australia & China

Learn more about: SMX | MarTech

Free Daily Marketing News!

Marketing Day is a once-per-day newsletter update - sign up below and get the news delivered to you!