The late 1990s was a simple period for Google. The nascent company was just a search engine, and services such as Gmail, Android, and YouTube were, at best, a gleam in the eyes of startups. And the first privacy policy reflected this simplicity. She was brief and honest, sweet, old, kind artifact of other times of Silicon Valley, when Google explained in just 600 words how she collects and uses your personal information.
That Internet option (and Google) is no longer with us. Over the past 20 years, that same privacy policy has been rewritten into a bloated 4000-word document describing how the company treats your data.
This evolution, which has been going on for two decades and has known 30 options, is the story of the transformation of the Internet in the eyes of one of its most important entities. Today the web is terribly complex, and Google’s privacy policy is consistent with that.
Google’s privacy policy changes over time1999-2004: no longer writes about users "in total"
In the first five years, Google’s privacy policy reflected the era before smartphones — a time when few user data was collected and users were always viewed “collectively, not as individuals.” This concise declaration is probably the most important part of Google’s first privacy policy:
1999
Google may share user information with advertisers, business partners, and other third parties. However, we always provide information about users in aggregate, and not about individuals. For example, we can disclose how often the average Google user visits Google, or what other words are most often found in queries containing the word Microsoft.
This straightforward paragraph is cited from Google’s second version of the privacy policy, released three months later.
Twenty years later, this statement demonstrates how far Google has gone from its roots, says James Ward, a lawyer specializing in data privacy and security laws. “In short, this statement claims that Google used the wrong business model that it uses now,” he said.
2005-2011: Google reveals more data for better ad targeting
In the late 2000s, Google has changed dramatically. The acquisitions of companies such as YouTube video hosting (2006) and the DoubleClick advertising network (2008) have passed. This coincided with the rise of desktop and banner advertising, as well as the mobile revolution, which opened up new ways of advertising and tracking. Google's privacy policy has evolved to reflect these changes in the industry.
According to Ward, at this time, Google’s policy shifted from “straightforward disclosure of rules to a more complex system.” Since Google kept increasing the amount of personal data on which it built the advertising model and its entire business, then, according to him, the company “moved from the model” we don’t transfer your data "to the model" we don’t sell your data "."
And now, how over the years has changed what the company collected.
What the company collects
From the very beginning, Google’s business was built on advertising. Early privacy policies mentioned advertisers, but not targeted advertising. This changed in 2005 when Google first used the phrase "personalized content and advertising."
“Advertising Choice” was first mentioned in 2009, shortly after Google bought DoubleClick for $ 3.1 billion and built it into its marketing platform.
In June 2004, the following phrase appears:
If you have an account, we can share the information downloaded through this account between all our services in order to ensure their unhindered use and improve their quality.
Ward says that in 2004, people still believed in the honesty of such statements. But, according to him, “today it is clearly a signal of creating a comprehensive profile, and that every service you use will collect information for personalized advertising, even if you did not agree with this.” Ward claims that according to this policy you will be deemed to be consonant even without your knowledge of it.
2012-2017: business complexity requires policy complexity
Google’s status as an Internet giant has attracted more attention to the company. In August 2012, the company paid $ 22.5 million in fines by a decision of the US Federal Trade Commission for “misrepresenting assurances of confidentiality” regarding tracking cookies by people using Apple’s Safari browser.
In anticipation of the penalty, the “information we collect” section of Google’s privacy policy has been seriously edited.
In the March 2012 edition of the privacy policy, Google settled on an edited version of what information it shares:
We may provide information about you to companies, organizations or individuals not affiliated with Google if you have consented to this. We request your consent for the disclosure of special categories of personal data.
On the same day, Google rewrote the terms of use for the first time since 2007, editing the document from 20 points, making it shorter, but greatly expanding the definitions. One change regarding the downloaded content gives the company particularly wide privileges in using this content at its discretion:
By uploading or otherwise adding materials to our Services, you grant Google and its partners a worldwide license that allows us to use this content, post it, store, reproduce, modify, create derivative works based on it (for example, translations, adaptations and other ways of optimizing materials), share it, publish it, openly reproduce, display, and also distribute it.
The terms of use mention that “all intellectual property rights in respect of these materials remain with their owner. Simply put, everything that was yours will remain so. ” But, according to Ward, this revision of the terms, especially the phrase “uploading or otherwise adding content,” was a very meaningful change to what Google considers user-generated content.
“Your search queries, keystrokes, voice fingerprint and face in the Google Chat video chat, letters you sent via Gmail are all parts of the content you uploaded to their services,” he said. “That's exactly how we all“ agreed ”with this, having no idea that we did it.”
2018 - today: current policies are changing to comply with more stringent laws
The largest modern improvement in Google’s policy occurred in May 2018, in response to the European
General Data Protection Regulation , or GDPR. According to Sam Heft-Lufti, Product Manager for Google’s Privacy Policy, a policy change that took writers, designers, researchers and lawyers a whole year was not just a change in legal language, but a “complete product update” so that it “better describes what it’s going to we have information and explained the rights of users. "
Heft-Lufti said that although the policy was rewritten for clarity, it did not change what Google does with user data. “We have not expanded Google’s rights or permissions,” he said.
He also noted that the biggest changes in politics focused on making navigation easier. And although it still resembles a maze, in many sections now there are explanatory videos and color illustrations in the form of logos and images.
The policy added nine references to the fact that users can export their data, and several sections explaining how to delete their data - most likely, under the pressure of the GDPR rules, which give users more rights to own and manage their data.
Before and after GDPRIn 2019, the digital economy is vast, and echoes technology, companies, advertisers, and billions of people dumping data every second. Google collects most of this information to help shape world-changing products, as well as fuel its money-printing ad machine.
PS: after the appearance of this article from the New York Times on the Hacker News website, one of his readers
noted that the privacy policy of the newspaper itself consists of more than 5,000 words, and contains almost everything the same, for which the newspaper scolds Google, and a little more than that. It turns out, for example, that the New York Times reserves the right to sell (they call it "rent out") the name and mailing address of readers to advertisers.