Saturday, 28 January 2012

One policy, one Google experience

Happy International Data Protection Day!

In a brilliant move that can’t surely attract criticism from the European Data Protection Supervisor, Google is commemorating International Data Protection Day with a short message on its landing page, which may well be read by over half the internet-enabled population on the planet.

The message is sweet and simple: “We’re changing our privacy policy and terms. This stuff matters. Learn more”

It will be great to consult the Google Analytics team in a few months to see just how many people did actually click the hyperlink and take up the opportunity to “learn more”.

What has Google just done? Well, it’s announced changes to its privacy policy, which will take effect in 1 March. Over 60 different Google privacy policies are being replacing them with one that’s a lot shorter and easier to read. One rule to rule them all? Sounds suspiciously like what Commissioner Reding was trying to announce, last Wednesday. It’s also what Gandalf was striving to achieve, during his existence.

When you read the policy (some 2,300 words, depending on what parameters are selected before the automatic word counting exercise is carried out), you appreciate the trouble that has been taken to make Google's operating processes easy to understand. The Google team evidently agree with me that it’s better to draft policies in words that can be understood by Homer Simpson than just by Albert Einstein.

The words flow as if they had been penned by a Hollywood scriptwriter. The slick, lean and easy phrases don’t challenge anyone. I expect that some aspects of them will upset some of the privacy wonks, but for the remaining millions of data controllers who care, Google has created a great language that I’m sure many websites would benefit from being re-written in. Whether many lawyers and data protecton professionals are going to be brave enough to change their own, treasured, text for something that is written in common sense language, rather than obscure gobbledegook, is another matter.

Here is a sample of some of the headline stuff before users are directed to the actual policy:

”Our new policy covers multiple products and features, reflecting our desire to create one beautifully simple and intuitive experience across Google.

Our new policy reflects our desire to create a simple product experience that does what you need, when you want it to. Whether you’re reading an email that reminds you to schedule a family get-together or finding a favourite video that you want to share, we want to ensure that you can move across Gmail, Calendar, Search, YouTube or whatever your life calls for, with ease.

If you’re signed in to Google, we can do things like suggest search queries – or tailor your search results – based on the interests that you’ve expressed in Google+, Gmail and YouTube. We’ll better understand which version of Pink or Jaguar you’re searching for and get you those results faster.

When you post or create a document online, you often want others to see and contribute. By remembering the contact information of the people you want to share with, we make it easy for you to share in any Google product or service with minimal clicks and errors.

Our goal is to provide you with as much transparency and choice as possible through products like Google Dashboard and Ad Preferences Manager, alongside other tools. Our privacy principles remain unchanged. And we’ll never sell your personal information or share it without your permission (other than rare circumstances like valid legal requests).

If you want to learn more about your data on Google and across the web, including tips and advice for staying safe online, take a look at Good to Know.”

I did think of looking at the policy and of comparing it to the recently published General Data Protection Regulation to see what sort of changes might need to me made to ensure that it complied with the proposed new rules on dealing with children, using cookies and obtaining consent. But why spoil a joyous day? Let’s just relax and celebrate International Data Protection Day, rather than have a quiet dig at the Commission. Just for once.

And how will I celebrate International Data Protection Day?


Last night I followed the lead of those intrepid souls who made their way to the Front Line Club in Paddington, who were on a mission to celebrate at a dinner organised by the Privacy Advisors Supper Club. Laughter there was lots. And what an array of different experiences were brought to the supper table. You learn so many unexpected things about your privacy colleagues. Who would have thought, for example, that one of the advisors among us had published a book a few years ago on surgical implants and surgical appliances, and, while a Commission official, had lobbied the European Commission to adopt their ideas as the basis for a new way of regulating medical devices in the EU? And you thought that data protection law was an obscure subject!

I can confirm that everyone present is now entitled to tick off items 12 & 50 on my list of “50 things to do before a data protection professional dies”.(see my blog postings of 17 and 18 January.

Anyway, given what we had to eat last night, there is only one appropriate way to spend today – to abstain from cookies for as long as possible (well, until dusk, anyway).