Truth and lies, policy and practice…

Last week it struck me that we were entering a new phase in the way that privacy is dealt with on the net. Two of the biggest players, Google and Facebook, have made significant shifts in their ‘privacy policy’ – shifts that have got some people up in arms.

I’m not going to go through the new policies in detail – lots of people have already done that, and in Google’s case in particular close legal investigation by the French data protection authority CNIL is underway. No, what interests me is something different. Is the biggest change in both Google and Facebook’s case actually something that we should be greeting with a little more positivity? Is it just that now they’re both telling a bit more of the truth? Showing a bit more of that transparency that we privacy advocates are always talking about?

Brutal Honesty

Taking Google first, the key change in their policy, it seems to me, is that they’re admitting to data aggregation. That is, they’re openly acknowledging – indeed in some ways trumpeting – the fact that they’re now bringing together the data they gather from all the various different Google services, and using it together. Google has a vast array of different services, from search to Gmail, their various ‘location’ services (Google Earth, Google Street View, Google Maps etc), YouTube, Picasa, and of course Google+, so from their own perspective this makes perfect sense. Many of us in the privacy field have suspected (or even assumed) that they’ve always been doing this, or something like it – and their previous privacy policies have been vague enough or ambiguous enough that they could be read to make this sort of thing possible. Now, it seems to me, they’re being more open about it – more honest, more transparent.

That, of course, doesn’t make it any more ‘legal’ or ‘acceptable’ as a policy. Indeed, I wouldn’t be at all surprised if the CNIL investigation concludes that the new policy breaches EU data protection law – but, in reality, I wouldn’t have been at all surprised if the old policies, if investigated properly, had been in breach of EU data protection law. Even more pertinently, as I shall suggest below, I wouldn’t be at all surprised if Google’s practices, rather than their policies, were in breach of data protection law. They may well still be….

Moving on to Facebook, there is a bit of a hoo-haa about their changing the name of their ‘privacy policy’ to a ‘data use policy’. Again, it seems to me, this is actually a bit more honest, a bit more transparent. Facebook’s policy was always to use your data. Indeed, that’s the whole basis of their business model – and why we get to use Facebook for free. They give us the service, we let them use our data. For Facebook to admit that is a good thing, surely? If they’re more honest about what they do, we can make better informed decisions about whether to use them or not. If there is anyone out there who uses Facebook and doesn’t realise that Facebook are using their data – then they should be picked up and shaken, and told!

Facebook’s policy is to use your data, not to protect your privacy – isn’t it better to be open and say that?

Google’s policy is to aggregate all of your data – isn’t it better for them to be open and say that?

Policy and Practice

Finally, it should be remembered that policies are just words – what really matters isn’t what companies like Google and Facebook say they’re doing, but what they actually do. Very few people read privacy (or data use!) policies anyway. We don’t want companies to think changing privacy policies is a matter of good legal drafting – it should be a reflection of changing the way they actually operate, how they actually gather, hold and use our data, how they monitor us, profile us, target us and so forth. I hope that the investigation by the CNIL looks properly at that – and that the regular FTC privacy audits of both Facebook and Google do the same. I wouldn’t say I’m exactly optimistic that they will…

….at least not this time. However, I do suspect that the increase in awareness about privacy issues by both individuals and authorities is one of the reasons that policy and practice may be getting closer. Facebook and Google seem to be being more honest and open about how they deal with privacy – because they are realising that they may have to be. We’re starting to at least try to hold them to account. That must be a good thing.

4 thoughts on “Truth and lies, policy and practice…”

  1. You’re right. This strategy is the logical outcome of the ‘blatant integrity’ school of social media marketing. Everyone is loud and in-your-face, and if you don’t like that, the only remedy available to you is to be loud and in their face. A civil society doesn’t stand a chance.

  2. Yes – in some ways better than deception and dissembling, but there is always the sense that they’re honest because they can be, and there’s nothing we can do about it.
