Google Dashboard: full disclosure?

This morning, Google has launched Google Dashboard, a “privacy dashboard” intended to help users see what information Google holds about them across its various services.

Google is able to track a huge proportion of its account-holders’ online activities. Google has my personal emails (27,473 conversations since 2004), my personal contacts’ details, a full history of my web searches and of much of my web browsing. It knows what videos I’ve watched on YouTube, and what RSS feeds I’ve read through Google Reader.

It’s useful to have this summary of the different ways in which Google knows about us. That said, does this really tell us what Google knows? As any company in the data management business can confirm, the power of personal data comes not from the raw information, but from the ability to analyse that information in order to identify patterns of behaviour and so on.

So a criticism that could be made of Google Dashboard is that it is an example of “informing to conceal”. We are given apparently comprehensive details of the information Google possesses about us. But the real privacy concerns – not to mention the commercial value to Google of the information – comes from what they are able to deduce about us from this information: and that, not surprisingly, they are keeping to themselves.

The cost of online privacy

The European Commission is taking an increasingly interventionist approach towards internet regulation, particularly as regards individuals’ privacy rights. Earlier this week, the Commission announced that it was taking further steps to require the UK to fully implement EU laws on the interception of communications, while legislation currently working through the European parliament will require all websites using cookies to obtain express permission from users. These measures are particularly aimed at the restriction of “behavioural advertising” (also the subject of an OFT investigation).

In each case, the Commission claims (with some justification) to be acting in response to citizens’ concerns about their fundamental privacy rights. However, this may be a case where European citizens should have taken the old advice to “be careful what you wish for”.

It is unlikely that many people will shed tears over the fate of the Phorm “Webwise” system, which proposed to monitor web users’ activities in order to serve up advertisements matching their interests. The controversy over whether the system was legal under UK law led to the Commission’s investigation into the UK’s implementation of EU laws on the interception of communications, in particular the Regulation of Investigatory Powers Act 2000 (RIPA). The Commission has three complaints concerning RIPA:

  • the lack of an “independent national authority to supervise interception of communications”;
  • the permitting of interceptions where the interceptor has “reasonable grounds for believing” that consent to do so has been given, where EU rules require “freely given, specific and informed” consent;
  • restriction of prohibitions and sanctions for unlawful interception only to “intentional” interception only, whereas the EU law requires member states to impose liability even for unintentional interception.

If UK law has to be tightened, especially on the second and third items, this will have a considerable impact on many businesses, not just those involved in online advertising.

The proposed new law on cookies could have an even bigger impact on online advertising and the surfing experience of European web users. Current EU law requires websites to offer visitors the “right to refuse” cookies. The UK has interpreted this quite broadly, with the Information Commissioner’s guidance (PDF) taking a pragmatic approach in which it was sufficient for companies to inform users in their privacy policies and leave it to individuals to block cookies using their browser settings.

The proposed change is intended to “clarify” the original law by requiring express consent from users before a website places a cookie on their computer. It has been suggested that this will mean websites have to show a pop-up to users entering the site, explaining what cookies are used (and for what purpose) and requesting consent. As many users hate pop-ups even more than they hate online advertisements, this is likely to have a significant adverse impact on many people’s web experience, and put EU-based websites at a disadvantage compared with their international competitors.

In addition, increased refusal of cookies will make online advertising more difficult and less profitable, which will increase the pressure on websites to charge users for accessing content. Again, one wonders whether many people would prefer the current trade-off between privacy rights and availability of “free” content over a web in which they encounter pop-ups and paywalls at every turn.

The Guardian’s recent supplement on the fortieth anniversary of the internet recalled an early (1994) description of the web as a place “where pornographers and Nazis walk freely, where criminals roam unchecked and where anarchy reigns”. These developments are another reminder of how far we have come from the Wild West days of the early, unregulated web. The web is now a highly-regulated environment: it remains to be seen whether it can retain its other benefits as the effects of this regulation become more apparent.