Google’s Peter Fleischer is Dangerously Misleading on Privacy and Personalized Search

I’m supposed to be on vacation this week, but felt compelled to blog about this…

There has been increased attention lately about Google’s data retention policies and the impact its drive towards personalization might have on user privacy. In response, one of Google’s chief privacy lawyers, Peter Fleisher, whose opinion I normally have high regard for, has penned an op-ed piece (also found here and here) that recently appeared in the Financial Times.

The title of Fleisher’s piece is “Google’s search policy puts the user in charge” — a claim that is dangerously misleading.

In the op-ed, Fleisher touts the benefits of Google’s efforts to provide personalized search results (an important part of attaining the “perfect search engine“). With personalization, Google can provide the most relevant results (and advertisements, lest we forget) for ambiguous searches, such as “Paris Hilton.” He states:

…if an algorithm is built to take into account an individual’s preferences it has much more chance of guessing what that person is looking for. Personalised search uses previous queries to give more weight to what each user finds relevant to them in its rankings. If you have searched for information about handicaps or clubs before, a search for “golf” is more likely to return results about the game than the car. If you have been checking out the Louvre, you are less likely to have to wade through all the details of a particular heiress’s personal life.

Most anyone would agree that there are benefits to having search results tailored to the individual who performed the search. The concern, of course, is the trade-off for achieving this kind of efficiency. In the case of personalized search, that trade-off is user privacy, as Fleischer recognizes:

As the Financial Times has pointed out this week, personalised search does raise privacy issues. In order for it to work, search engines must have access to your web search history. And there are some people who may not want to share that information because they believe it is too personal. For them, the improved results that personalised search brings are not matched by the “cost” of revealing their web history.

(This concern, of course, is the basis of much of my research.)

Fleischer tries to resolve this crisis himself with a simple (but as we will see below, dangerously misleading) claim: that Google puts users in charge of whether to reveal their web search history. He explains:

We believe that the responsible way to handle this privacy issue is to ask users if they want to opt in to the service. That is why Google requires people to open an account and turn on their personalised search functionality. They do not have to give a real name to open a Google account, but even if they cannot be identified, we think they should have to give explicit consent before their web history is used. Unless they do, they will simply have the standard Google search service.Our policy puts the user in charge. It is not something Google seeks to control. At any time they can turn off personal search, pause it, remove specific web history items or remove the whole lot.

While it is true that users can opt into Google’s Web History product – effectively deciding whether they want their search results to be tweaked based on their search history – as well as remove items from the Web History service, this form of “user control” does not eliminate concerns over user privacy nor absolve Google of any responsibility in that regard.

It is vital for every user of Goolge (indeed, neary all search engines) to understand that their searches, results clicked, and other actions on Google’s platform are routinely monitored, logged, aggregated, and stored by Google. It says so right in Web History product’s own privacy FAQ (emphasis added):

4. What happens when I pause the service, remove items, or delete the Web History service?

You can choose to stop storing your web activity in Web History either temporarily or permanently, or remove items, as described in Web History Help. If you remove items, they will be removed from the service and will not be used to improve your search experience. As is common practice in the industry, Google also maintains a separate logs system for auditing purposes and to help us improve the quality of our services for users.

These logs are explained in Google’s main privacy policy, which acknowledges the collection of “information such as your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser” as well as links that are clicked and other clickstream data.

Let me repeat this: Whether users opt in or out of Google’s Web History in order to personalize their searches, their activity on Google is still being tracked. Whether users delete some or all of the data in the Web History product interface, their activity on Google is still being tracked. Any privacy concerns that a user has about Google watching, tracking, and logging their search activity remains regardless of their actions related to the Web History product.

It is this kind of misleading rhetoric that lures users into thinking that Google is going out of their way to protect user privacy. It minimizes the threats of privacy online, lessens user’s expectations of privacy, and results in an atmostphere where the widespread monitoring and collection of user activity becomes normalized and unproblematic.

For Fleischer to suggest — in capacity of Google’s global privacy counsel — that users are in control of the privacy of their web search activities simply by allowing them to remove data from the Web Search history interface is dangerously misleading, and borderline negligent. I call on him — and Google — to correct this rhetoric and fully acknowledge how user privacy is impacted by Google’s techncial design and business practices, regardless of any kind of “control” users have with the Web History product.

UPDATE: Like I said above, I usually find Peter Fleischer’s comments and perspective on Google & privacy useful. Case in point: he has recently come out to say that Google’s privacy policy is “vague” and that the company “could do better” in crafting and communicating their position on user privacy. I hope he also addresses my concerns above.