Privacy Groups Decry Google's Plans For DoubleClick
The groups want the FTC to determine what data collected by Google and DoubleClick is personally identifiable.
Google's plan to acquire Internet advertising firm DoubleClick came under fire Friday from privacy and consumer advocacy groups.
The Electronic Privacy Information Center, the Center for Digital Democracy, and U.S. PIRG, a federation of state Public Interest Research Groups, filed a complaint with the Federal Trade Commission to halt the acquisition until Google addresses several specific privacy concerns.
The groups want the FTC to determine what data collected by Google and DoubleClick is personally identifiable. They are seeking the deletion of DoubleClick's user-identifiable cookies where users haven't granted explicit permission for the transfer of that data, the establishment of a formal plan for privacy compliance with government and industry privacy standards, access to all personally identifiable data for the individual to whom the data pertains, and the establishment of a "meaningful data destruction policy" -- the very opposite of a more expansive data retention regime being sought by the U.S. Department of Justice.
Coincidentally on Friday, Google announced a new feature for Google Account holders called Web History. The service represents an expansion of the optional Search History feature which allowed consenting users to search their previous searches and, recently, to receive automated recommendations about potentially interesting sites based on past searches.
Under the more expansive Web History branding, Google is assembling an even more complete picture of its users' online activities by integrating data about Google searches, Web page visits, images, videos, and news stories.
The complaint charges Google with deceptive and unfair trade practices.
"Upon arriving at the Google home page, a Google user isn't informed of Google's data-collection practices until he or she clicks through four links," the complaint states. "Most users will not reach this page." It also notes that Google doesn't provide a way to opt-out of having search terms tracked.
"Google's and DoubleClick's conduct," the complaint charges, "...has injured consumers throughout the United States by invading their privacy; storing information through the retention of users' search terms in ways and for purposes other than consented to or relied upon by such consumers; causing them to believe online activities would remain anonymous; and undermining their ability to avail themselves of the privacy protections promised by online companies."
Nicole Wong, Google's deputy general counsel, said in a statement, "EPIC's complaint is unsupported by the facts and the law. Google aggressively protects user privacy and recognizes that user trust is essential to the success of our products and central to the company's values. Our privacy policies are clear and easily accessible to our users. We provide strong notice when users sign up for products that may collect personally identifiable information and offer users choices about how their information is used. Our search engine can also be used without providing any personally identifying information at all. We recently strengthened privacy protections even further by improving our data retention practices. EPIC utterly fails to identify any practice that does not comply with accepted privacy standards. Nothing about the proposed acquisition of DoubleClick changes our commitment to these privacy principles."
DoubleClick said in a statement issued today that media reports suggesting that its data could be combined with Google's were incorrect. "Information collected by DoubleClick DART ad serving technology belongs to DoubleClick's clients and not to DoubleClick," the company said. "Any and all information collected by DoubleClick is, and will remain, the property of the company's clients. Ownership rights, like the other terms of DoubleClick's client contracts, will be unaffected by any acquisition. Further, Google would not be able to match its search data to the data collected by DoubleClick, as DoubleClick does not have the right to use its clients' data for such purposes."
At the Web 2.0 Expo, just after Google announced plans to acquire DoubleClick, Google CEO Eric Schmidt downplayed the suggestion that Google's increasing store of data represented a threat. "People often express this concern and after they understand what our computers really do, they feel more comfortable," he said.
This isn't the first time such concerns have been raised and Google has consistently positioned itself as a company that respects user privacy. In March, the company said it planned to partially anonymize the IP address information left by Web site visitors in its server logs -- data all Web servers can track -- after 18 to 24 months.
However, individuals can still be identified through anonymized search data, as AOL's unauthorized release of 658,000 search records in 2006 and the ensuing news stories demonstrated.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.