Google Book Search Privacy Policy Mirrors Web Search, with One Hopeful, albeit Limited, Difference

The proposed Google Book Search Settlement Agreement has been the target of numerous criticisms, not the least of which has been its incredible impact on — and incredible silence about — users’ intellectual privacy. Well before the settlement even emerged, I tried to highlight some of the privacy concerns related to the growing reliance on Google Book Search for our information-seeking needs. More recently, as the possible approval of  settlement looms, various advocacy groups have again brought attention to the fact that Google might gain even greater ability to monitor the books you browse, the pages you read, and even the highlights and marginal notes you make on digital copies of books, including the Electronic Frontier Foundation, the ACLU, and the Center for Democracy & Technology.

In July 2009, Google posted a brief FAQ regarding privacy and Book Search, promising that the services provided under the Settlement will be bound by its general Privacy Policy, that it will only share aggregate usage data with the Book Rights Registry, that Google Accounts will not be required to access the services (although there will be some access limits for those who don’t login).

To most, including myself, this FAQ failed to sufficiently quell concerns over GBS’s impact on intellectual privacy and the freedom to read anonymously.

At the “Google Books Settlement and the Future of Information Access” conference organized by the UC-Berkeley Information School, I joined other advocates in calling on Google to be more forthright about the privacy concerns — and need for more specific protections — related to the GBS settlement and proposed infrastructure for accessing digital books. Google has insisted, however, than a more detailed privacy policy was impossible to construct since the actual technology has not yet been developed. Google’s Privacy Counsel, Jane Horvath, noted this apparent obstacle in an August 31, 2009 letter to the FTC:

Because the settlement agreement has not yet been approved by the court, and the services authorized by the agreement have not been built or even designed yet, it is not possible to draft a final privacy policy that covers details of the settlement’s anticipated services and features.

Sharing the concern of privacy advocates, the FTC refused to fully accept Google’s deferment, and urged Google to publish a privacy policy outlining Google’s specific privacy commitments for the Book Search product:

[I]t is important for Google to develop a new privacy policy, specific to Google Books, that will apply to the current product, set forth commitments for future related services and features, and preserve commitments made in the existing privacy policy.

As Google develops its new privacy policy, we urge Google to focus in particular on appropriately limiting secondary uses of data collected through Google Books, including uses that would be contrary to reasonable consumer expectations.

So, upon receiving this demand from the FTC, Google did what it has previously said was impossible: it published a Privacy Policy for Google Books.


In announcing the publication of this privacy policy, Google notes that “Google Books has always been covered by the general Privacy Policy for all of Google’s services”, and in the policy itself it is stated that “Any publicly available product authorized by the settlement will have a privacy policy comparable to policies you can see in our Privacy Center today for other Google products.” While this sounds comforting, it is the very fact that Google intends to treat Book Search records with the same (and in many ways, limited) privacy protections as its other products that causes much of the concern.

As I noted in my remarks at the Berkeley event, there are particular expectations of privacy when it comes to seeking information in a library setting. The context of the library brings with it specific norms of information flow regarding patron activity, including a professional commitment to patron privacy. But the insertion of Google into this context raises an alarm, and merely promising that the same privacy standards of Web searching will apply is insufficient. Here’s why:

Searching for information on the World Wide Web was a new experience for most everyone. It was a new frontier of information-seeking, which developed its own business model, its own technical infrastructure, and its own technical standards and best practices, ones that rely heavily on the tracking and capturing of user data. Google has gone to some lengths to explain how & why it must track and collect user data for Web searches. Many people accept this as the norm for Web searchers: in order to benefit from what companies like Google have created, we need to acquiesce to this kind of tracking of our search activity. Yes, Google promises not to give to other people except in specific circumstances, but in general, people know and accept that Google can see what they’re searching for, and they keep and use that data for a variety of purposes. For most, that’s just the way the Web works.

But the context of the library is altogether different. In the library, users intellectual activities are protected by decades of established norms and practices intended to preserve patron privacy and confidentiality, most stemming from the ALA’s Library Bill of Rights and related interpretations. As a matter of professional ethics, most libraries protect patron privacy by engaging in limited tracking of user activities, having short-term data retention policies (many libraries actually delete the record that you ever borrowed a book once it is returned), and generally enable the anonymous browsing of materials (you can walk into a public library, read all day, and walk out, and there is no systematic method of tracking who you are or what you’ve read). These are the norms of the library.

With the proposed GBS settlement, we are talking about the de facto transfer of library practices (reading a book) to a Web-based infrastructure powered by Google (searching the Web). It will be reasonable to expect the same informational norms that exist in the libra
ry settings – limited tracking, short-term data retention, possibilities of anonymous browsing – to translate into the proposed digital system for browsing books. If these are the expected norms of information flow, we must ensure they are respected by any system designed for browsing digitized books. In short, the system must be conceived as an extension of the library – with its informational norms in tow – and not an extension of Google, burdened with its standard practice of gathering user information.

Unfortunately, the fact that Google repeats that Google Books will follow the same privacy policy of general Web searching means the norms of data collection of the Web will likely prevail over the norms of the library. All the reasons we are concerned about the privacy of our Web searches are now amplified with the possible emergence of a large-scale infrastructure to track and monitor book searches. This is part of why most advocates where disappointed with the privacy policy released by Google.


That said, there is one hopeful difference in the privacy commitment laid out by Google. Google notes the existence of special protections, in some jurisdictions, protecting the the privacy of people’s activities in libraries:

Special legal privacy protections for users may apply in cases where law enforcement or civil litigants ask Google for information about what books an individual user has looked at. Some jurisdictions have special “books laws” saying that this information is not available unless the person asking for it meets a special, high standard – such as proving to a court that there is a compelling need for the information, and that this need outweighs the reader’s interest in reading anonymously under the United States First Amendment or other applicable laws.

This is an important recognition of how people’s actions in the library setting often deserve special protections (something I wish Google would recognize with all information-seeking activities). In response Google promises that (emphasis added): “Where these “books laws” exist and apply to Google Books, we will raise them.” Quite honestly, I don’t know what Google means by stating it will “raise them”. The most basic reading of this statement means that if the law exists, then Google will bring that law to the Court’s attention (as if the Court wouldn’t have already addressed it?). That’s not the same as a promise to require warrants, challenge subpoenas, or otherwise require compliance with these laws.

Perhaps I’m wordsmithing, but this is such an important issue, Google should be more precise in their intentions (which was the whole point of demanding this policy in the first place). Further, this seems to be yet another case where Google is thinking like lawyers about privacy, suggesting that “there are some laws that might protect readers’ privacy, and we’ll “raise them” when appropriate.” But it seems to be only the existence of such laws that prompts Google’s additional attention to the uniqueness of intellectual privacy.

What Google needs to do is think like a librarian, and do whatever it takes to ensure readers’ privacy and confidentiality is protected, regardless of what the law requires.

1 comment

  1. Hello Michael,

    A privacy concern that I have with regards to the digitization of books is from my experience with the partnership of The University of Wisconsin-Madison and Google Inc. You see on May 13 of this year I found out by accident that the University of Wisconsin in partnership with Google Inc. had digitized my genealogical and family history work, “Fevens, a family history” in 2008. Because my work has a genealogical section, when I searched Google Books on May 13th, personal information of individuals mentioned in my book were displayed in the “snippet” search results. Google Inc. has now scanned all of the University of Wisconsin-Madison’s genealogical collection, and I know for a fact that there are other books that are displaying current, private information at the Google Book site. In case you are wondering, The University of Wisconsin probably acquired their copy of “Fevens, a family history” from Coutts Library Services Canada, (“a leading international supplier of books to academic, medical, professional and reference libraries, with a niche in the supply of Standing Order titles through our customized system”) whom I sold 4 copies to. I figured they sold to libraries and I could trust a library to respect my copyright –yah right eh??? An article about my disagreement with the university and Google can be found in the Madison, Wisconsin newspaper The Capital Times — “Small-time author blasts Google-UW digital book project” at:

    Douglas Fevens
    Halifax, Nova Scotia
    The University of Wisconsin, Google, & Me

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s