HomestoryDoubleClick › Privacy Groups Seek Regulatory Review of Google Privacy Policy

News Story

Privacy Groups Seek Regulatory Review of Google Privacy Policy

THE WALL STREET JOURNAL
http://www.wsj.com/articles/privacy-groups-seek-regulatory-review-of-google-privacy-policy-1482190366

Complaint filed with FTC takes issue with how search giant bundles user data

Two privacy groups have filed a complaint asking U.S. regulators to review changes Google made to its privacy policy in June that enable the internet-search giant to build more robust profiles of its users.

The complaint, which Consumer Watchdog and Privacy Rights Clearinghouse filed with the Federal Trade Commission, centers on Google’s request in June that users opt-in to new privacy settings that enable Google to combine their browsing histories with their search histories to show more personalized ads. The privacy groups claim the move violated deceptive-practices law and a previous FTC order.

The privacy groups filed their complaint on Thursday but didn’t make it public until Monday.

The June change reversed a nearly decade-old policy at Google, a unit of Alphabet Inc., to separate user data between its core products, such as search, and its popular DoubleClick business, which helps advertisers place ads on third-party websites. DoubleClick uses so-called cookies embedded on third-party sites to track users as they browse across the internet. Google said it would keep the data sets separate amid scrutiny of its 2007 purchase of DoubleClick.

Google said in a statement Monday that it changed the policy “to match the way people use Google today: across many different devices,” and that “it is 100% optional—if users do not opt-in to these changes, their Google experience will remain unchanged.” The company added that it told regulators across the world about the change and incorporated their feedback, though it declined to say which regulators and what feedback it received.

The FTC said it has received the complaint and is “closely reviewing it.”
Privacy advocates criticized Google’s purchase of DoubleClick in 2007 for $3.1 billion as harmful to internet users’ privacy. Combining data from users’ search histories with their browsing history would “result in the creation of ‘super-profiles’ ” on users, the New York State Consumer Protection Board said at the time.

After the FTC’s review of the deal, Google said it would keep DoubleClick data separate from the data it collects on users from Google services such as search, maps and Gmail. The notice to users this past June asked them to agree to “turn on…new features” to their accounts that would give them “more control over the data Google collects and how it’s used, while allowing Google to show you more relevant ads.” The June change did create a new user-account page that allowed users to alter their privacy settings.

It wasn’t entirely clear, until an October report in ProPublica, that the change also erased its previous policy that kept Google and DoubleClick data separate.
“By finally combining all of this information, Google has engaged in a dangerously invasive and far-reaching appropriation of user data,” the privacy groups say in their FTC complaint. “Google has done incrementally and furtively what would plainly be illegal if done all at once.”

The groups argued in the complaint that Google’s actions violate U.S. law that prohibits “unfair or deceptive acts,” as well as a 2011 order from the FTC—issued after a separate privacy violation—that requires Google to not misrepresent its users’ privacy, among other things.