Google adds Dashboard: Does transparency mean more online privacy?

By Alexander B. Howard, Associate Editor 06 Nov 2009 | SearchCompliance.com

Enterprise IT news roundup Digg This!     StumbleUpon     Del.icio.us

More on privacy, e-records Survey shows privacy policy success lies in collaboration with IT HITECH moves electronic health records forward; standards to come

Located at www.google.com/dashboard, the tool gathers in one location personal information from all the services to which a user subscribes, and provides links to settings or applicable online privacy policies.

"Many people rely on a host of Google products and services in their daily lives," said Erica Newland, a privacy analyst at the Center for Democracy & Technology. "Until now, there's been no easy way to keep track of which Google products you are using, not to mention a way to comprehensively manage the information you share with Google across its different products. By creating a dashboard that unites this information and provides clear links to relevant privacy settings, Google has helped give people a little more control over their online identities."

Google Dashboard joins a number of online resources, including:

• Privacy Center, which provides users with online privacy policies for each service.
• Data Liberation Front, which allows users to move data in and out of Google.
• A control panel for "interest-based advertising," which allows users to customize which ads they see.

When users view the list of Google services using the dashboard, they might be surprised just how much data Google is aggregating about online activity. Such information includes Google Docs, Gmail, Spreadsheets, Chat, Tasks and Voice. This creates high expectations for data protection and privacy from individuals or businesses that have entrusted their personal or proprietary data to the cloud. What may be more provocative to many, however, is the history of user searches displayed in the dashboard, including maps, images, products, books or news.

How long does Google hold search data?

Aggregated search data is the crux of the online privacy issue for Google, which makes the bulk of its profit from advertising against search results. Alan Davidson, director of public policy and government affairs at Google, spoke at a panel on privacy earlier in the week at the Center for American Progress in Washington, D.C.

Privacy is an "ethical and business imperative," Davidson said. "Users are increasingly finding value in sharing personal information online."

One example of this trend, he said, is cloud computing, like Google, Hotmail or Yahoo email, Facebook or Google search. "People are doing this because they find it to be a compelling way to access things they couldn't access on their desktop," he said, "like converting a document from Mandarin to English for free."

Davidson alluded to the relevance of aggregating data to the future of newspapers, noting that "being able to provide advertising that is useful to users and is well targeted is going to be an important mechanism in the online world."

He suggested that companies can provide people with tools to control their information, including telling them what data is aggregated, offering them choices for control, and ensuring that information is kept secure. One example is interest-based advertising, or behavioral-based advertising, in which ads are served to users based on search or browsing histories.

Jeffrey Rosen, a professor of law at The George Washington University Law School and moderator of the panel, asked Davidson if the solution is to delete data. After Yahoo turned over search data to the U.S. government, Rosen pointed out, deleting these logs became one mechanism to prevent having to turn over the search history of users to government agents on request.

Davidson said the company keeps logs for nine months. "We keep [search data] for a little while because it turns out to be useful," he said. "There's pressure from law enforcement to keep it longer. All we have of that user is an IP address. There's a lot of debate about how identifiable an IP address is."

Could better delivery of health care services or medical therapies ever outweigh the privacy rights of consumers? Davidson raised Google Flu Trends as a "powerful" health tool, "something we were only able to build because we have data for nine months, or longer once we anonymize it."

[A dashboard] is no replacement for a national base line consumer privacy law. ... Consumers ultimately lack the tools to protect their own privacy. Erica Newland privacy analyst, Center for Democracy & Technology

Dr. Deborah Peel, a practicing physician and member of the board of directors at Patient Privacy Rights who sat on the panel with Davidson, pushed back on the notion of anonymization. "It's nearly impossible to de-identify and anonymize health information," she said. "EPIC and Patient Privacy Rights wrote a letter to Google to give us the algorithms to see if five years of data was in fact de-identified."

Davidson said Google is in favor of a "base line" privacy rule. "The basic premise -- that people should know what data is being used for and choices about its being used -- is something we support." Davidson suggested that industry-wide mechanisms are needed, including standards and an ability to opt out. "As much as we'd like this to be something that industry does on its own, it's quite clear that law needs to be involved."

The challenge, as privacy and compliance professionals know, is that there isn't a federal privacy law yet. "Although the dashboard is a step in the right direction," Newland said, "it is clearly no replacement for a national base line consumer privacy law. No such law exists, and consumer privacy violations abound. Consumers ultimately lack the tools to protect their own privacy."

Tags: Industry-specific requirements for compliance,  HIPAA and other healthcare compliance requirements,  Managing governance and compliance,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Industry-specific requirements for compliance Poor application security creates supply chain risk, security threat Business Model for Information Security: Security right the first time Enterprise document management FAQ: IT operations and compliance Compliance news quiz: Test your knowledge of FTC, SB 20, PCI and more NERC CSO warns of cybersecurity threats, risk to electric grid FTC compliance mandates new rules for social media marketing How to design an FTC compliance program for social media marketing McCain answers new FCC net neutrality rules with Internet Freedom Act SAP sees green in sustainability software for carbon compliance Electronic privacy integral to identity management standards, says DHS HIPAA and other healthcare compliance requirements IT compliance: FAQs about IT operations, regulations and standards Enterprise document management FAQ: IT operations and compliance Compliance news quiz: Test your knowledge of FTC, SB 20, PCI and more HIPAA-covered entities' first step should be a quality assurance plan HITECH moves electronic health records forward; standards to come HITECH FAQ: What is the impact of the HITECH Act on IT operations? Discovery of data breach under HITECH raises big compliance questions Healthcare, cybersecurity policy and privacy on legislative agenda Record locator service a step to health information exchange FTC pursuing HIPAA violations as a matter of consumer protection Managing governance and compliance A business continuity management standard would offer consistency Business Model for Information Security: Security right the first time Facing uncertainty, IT turns to governance, risk and compliance, ERM NERC CSO warns of cybersecurity threats, risk to electric grid Priorities for your sound regulatory compliance management policy Threat management for information systems relies on categorization HITECH FAQ: What is the impact of the HITECH Act on IT operations? Survey shows privacy policy success lies in collaboration with IT Record locator service a step to health information exchange U.S. CIO Vivek Kundra on Data.gov, OpenID and government transparency

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary PCI compliance  (SearchCompliance.com) XBRL  (SearchCompliance.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary