Google’s new Privacy Policy

Our updated Privacy Policy takes effect today, March 1. As you use our products one thing will be clear: it’s the same Google experience that you’re used to, with the same controls.

And because we’re making these changes, over time we’ll be able to improve our products in ways that help our users get the most from the web.

While we’ve undertaken the most extensive user education campaign in our history to explain the coming changes, we know there has been a fair amount of chatter and confusion.

Here are a few important points to bear in mind:

Our Privacy Policy is now much easier to understand.

We’ve included the key parts from more than 60 product-specific notices into our main Google Privacy Policy—so there’s no longer any need to be your own mini search engine if you want to work out what’s going on. Our Privacy Policy now explains, for the vast majority of our services, what data we’re collecting and how we may use it, in plain language.

Our Privacy Policy will enable us to build a better, more intuitive user experience across Google for signed-in users.

If you’re signed in to Google, you expect our products to work really beautifully together. For example, if you’re working on Google Docs and you want to share it with someone on Gmail, you want their email right there ready to use. Our privacy policies have always allowed us to combine information from different products with your account—effectively using your data to provide you with a better service. However, we’ve been restricted in our ability to combine your YouTube and Search histories with other information in your account. Our new Privacy Policy gets rid of those inconsistencies so we can make more of your information available to you when using Google.

So in the future, if you do frequent searches for Jamie Oliver, we could recommend Jamie Oliver videos when you’re looking for recipes on YouTube—or we might suggest ads for his cookbooks when you’re on other Google properties.

Our privacy controls aren’t changing.

The new policy doesn’t change any existing privacy settings or how any personal information is shared outside of Google. We aren’t collecting any new or additional information about users. We won’t be selling your personal data. And we will continue to employ industry-leading security to keep your information safe.

If you don’t think information sharing will improve your experience, you can use our privacy tools to do things like edit or turn off your search history and YouTube history, control the way Google tailors ads to your interests and browse the web “incognito” using Chrome. You can use services like Search, Maps and YouTube if you are not signed in. You can even separate your information into different accounts, since we don’t combine personal information across them. And we’re committed to data liberation, so if you want to take your information elsewhere you can.

We’ll continue to look for ways to make it simpler for you to understand and control how we use the information you entrust to us. We build Google for you, and we think these changes will make our services even better.

Updating our privacy policies and terms of service

In just over a month we will make some changes to our privacy policies and Google Terms of Service. This stuff matters, so we wanted to explain what’s changing, why and what these changes mean for users.

First, our privacy policies. Despite trimming our policies in 2010, we still have more than 70 (yes, you read right … 70) privacy documents covering all of our different products. This approach is somewhat complicated. It’s also at odds with our efforts to integrate our different products more closely so that we can create a beautifully simple, intuitive user experience across Google.

So we’re rolling out a new main privacy policy that covers the majority of our products and explains what information we collect, and how we use it, in a much more readable way. While we’ve had to keep a handful of separate privacy notices for legal and other reasons, we’re consolidating more than 60 into our main Privacy Policy.

Regulators globally have been calling for shorter, simpler privacy policies—and having one policy covering many different products is now fairly standard across the web.

These changes will take effect on March 1, and we’re starting to notify users today, including via email and a notice on our homepage.



What does this mean in practice? The main change is for users with Google Accounts. Our new Privacy Policy makes clear that, if you’re signed in, we may combine information you've provided from one service with information from other services. In short, we’ll treat you as a single user across all our products, which will mean a simpler, more intuitive Google experience.

Our recently launched personal search feature is a good example of the cool things Google can do when we combine information across products. Our search box now gives you great answers not just from the web, but your personal stuff too. So if I search for restaurants in Munich, I might see Google+ posts or photos that people have shared with me, or that are in my albums. Today we can also do things like make it easy for you to read a memo from Google Docs right in your Gmail, or add someone from your Gmail contacts to a meeting in Google Calendar.

But there’s so much more that Google can do to help you by sharing more of your information with … well, you. We can make search better—figuring out what you really mean when you type in Apple, Jaguar or Pink. We can provide more relevant ads too. For example, it’s January, but maybe you’re not a gym person, so fitness ads aren’t that useful to you. We can provide reminders that you’re going to be late for a meeting based on your location, your calendar and an understanding of what the traffic is like that day. Or ensure that our spelling suggestions, even for your friends’ names, are accurate because you’ve typed them before. People still have to do way too much heavy lifting, and we want to do a better job of helping them out.

Second, the Google Terms of Service—terms you agree to when you use our products. As with our privacy policies, we’ve rewritten them so they’re easier to read. We’ve also cut down the total number, so many of our products are now covered by our new main Google Terms of Service. Visit the Google Terms of Service page to find the revised terms.

Finally, what we’re not changing. We remain committed to data liberation, so if you want to take your information elsewhere you can. We don’t sell your personal information, nor do we share it externally without your permission except in very limited circumstances like a valid court order. We try hard to be transparent about the information we collect, and to give you meaningful choices about how it is used—for example our Ads Preferences Manager enables you to edit the interest categories we advertise against or turn off certain Google ads altogether. And we continue to design privacy controls, like Google+’s circles, into our products from the ground up.

We believe this new, simpler policy will make it easier for people to understand our privacy practices as well as enable Google to improve the services we offer. Whether you’re a new Google user or an old hand, please do take the time to read our new privacy policy and terms, learn more about the changes we’re making and understand the controls we offer.

Tech tips that are Good to Know

Does this person sound familiar? He can’t be bothered to type a password into his phone every time he wants to play a game of Angry Birds. When he does need a password, maybe for his email or bank website, he chooses one that’s easy to remember like his sister’s name—and he uses the same one for each website he visits. For him, cookies come from the bakery, IP addresses are the locations of Intellectual Property and a correct Google search result is basically magic.

Most of us know someone like this. Technology can be confusing, and the industry often fails to explain clearly enough why digital literacy matters. So today in the U.S. we’re kicking off Good to Know, our biggest-ever consumer education campaign focused on making the web a safer, more comfortable place. Our ad campaign, which we introduced in the U.K. and Germany last fall, offers privacy and security tips: Use 2-step verification! Remember to lock your computer when you step away! Make sure your connection to a website is secure! It also explains some of the building blocks of the web like cookies and IP addresses. Keep an eye out for the ads in newspapers and magazines, online and in New York and Washington, D.C. subway stations.



The campaign and Good to Know website build on our commitment to keeping people safe online. We’ve created resources like privacy videos, the Google Security Center, the Family Safety Center and Teach Parents Tech to help you develop strong privacy and security habits. We design for privacy, building tools like Google Dashboard, Me on the Web, the Ads Preferences Manager and Google+ Circles—with more on the way.

We encourage you to take a few minutes to check out the Good to Know site, watch some of the videos, and be on the lookout for ads in your favorite newspaper or website. We hope you’ll learn something new about how to protect yourself online—tips that are always good to know!

Update Jan 17: Updated to include more background about Good to Know.

DatenDialog - Big Tent goes to Berlin



In May, we held our first Big Tent conference near London, where we debated some of the hot issues relating to the Internet and society with policy-makers, academics and NGOs. The term "big tent” not only described the marquee venue but also our aim to include diverse points of view.

After the U.K. success, we decided to export the concept. Yesterday we welcomed more than 200 guests in Berlin, Germany to the second Big Tent event, entitled DatenDialog.

This dialogue about data tackled the issue of online privacy from a variety of angles. It was appropriate to hold it in Germany, which is a pacesetter both in its concern about privacy and its ideas for safeguarding personal data. During the one-day event, we debated questions such as: what does responsible collaboration between the tech industry and the data protection authorities look like? Do we need new regulation to manage the Internet and the large amount of data produced in the online world? Who is responsible for educating users and how does the tech industry make sure it builds privacy controls into its products?

Speakers included the German State Secretary for the Interior Cornelia Rogall-Grothe and the Federal Data Protection Commissioner Peter Schaar, alongside international authors and bloggers Cory Doctorow and Jeff Jarvis who appeared via live video chat from the U.S.



The debate was always lively, sometimes polarised—Cory likened amalgamated data to nuclear waste while Jeff appealed to governments not to regulate for the worst case—but all seemed to agree that it was a worthwhile and timely exercise to explore these important issues.

You can watch the highlights soon on our Big Tent YouTube channel, and stay tuned for more Big Tents on a range of topics around the world in the coming months.



(Cross-posted from the European Public Policy Blog)

Greater choice for wireless access point owners

From tagging a post with your location, to checking in to a restaurant, to simply finding out where you are, location-based services have become some of the most popular features of today’s Internet. One of the key ways technology companies are able to determine a location for these services is through a location database, which matches publicly broadcast information about local wireless networks with their approximate geographic location. By looking for wireless access points that are close to a user’s phone, location providers can return the approximate location you need. In addition, this method is a good alternative to other approaches, like GPS, because it’s faster, it works indoors, and it’s more battery-efficient.

The wireless access point information we use in our location database, the Google Location Server, doesn’t identify people. But as first mentioned in September, we can do more to address privacy concerns.

We’re introducing a method that lets you opt out of having your wireless access point included in the Google Location Server. To opt out, visit your access point’s settings and change the wireless network name (or SSID) so that it ends with “_nomap”.  For example, if your SSID is “Network”, you‘d need to change it to “Network_nomap”.

To get started, visit this Help Center article to learn more about the process and to find links with specific instructions on how to change an access point’s SSID for various wireless access point manufacturers.

As we explored different approaches for opting-out access points from the Google Location Server, we found that a method based on wireless network names provides the right balance of simplicity as well as protection against abuse. Specifically, this approach helps protect against others opting out your access point without your permission.

Finally, because other location providers will also be able to observe these opt-outs, we hope that over time the “_nomap” string will be adopted universally. This would help benefit all users by providing everyone with a unified opt-out process regardless of location provider.

Update Nov 21: Edited punctuation to clarify the "_nomap" tag.



(Cross posted on the European Public Policy Blog)

Changes to the open Internet in Kazakhstan

(Cross-posted on the European Public Policy Blog and Public Policy Blog)

Update June 14, 7:40pm: After we published this post, the Kazakhstan authorities issued new guidance stating that the order no longer applies to previously registered domains. In practice this means we can re-launch google.kz. While we’re pleased that we can once again offer our users in Kazakhstan customized search results, we encourage the Government of Kazakhstan to rescind this requirement for all future .kz domains as well.

The genius of the Internet has always been its open infrastructure, which allows anyone with a connection to communicate with anyone else on the network. It’s not limited by national boundaries, and it facilitates free expression, commerce and innovation in ways that we could never have imagined even 20 or 30 years ago.

Some governments, however, are attempting to create borders on the web without full consideration of the consequences their actions may have on their own citizens and the economy. Last month, the Kazakhstan Network Information Centre notified us of an order issued by the Ministry of Communications and Information in Kazakhstan that requires all .kz domain names, such as google.kz, to operate on physical servers within the borders of that country. This requirement means that Google would have to route all searches on google.kz to servers located inside Kazakhstan. (Currently, when users search on any of our domains, our systems automatically handle those requests the fastest way possible, regardless of national boundaries.)

We find ourselves in a difficult situation: creating borders on the web raises important questions for us not only about network efficiency but also about user privacy and free expression. If we were to operate google.kz only via servers located inside Kazakhstan, we would be helping to create a fractured Internet. So we have decided to redirect users that visit google.kz to google.com in Kazakh. Unfortunately, this means that Kazakhstani users will experience a reduction in search quality as results will no longer be customized for Kazakhstan.

Measures that force Internet companies to choose between taking actions that harm the open web, or reducing the quality of their services, hurt users. We encourage governments and other stakeholders to work together to preserve an open Internet, which empowers local users, boosts local economies and encourages innovation around the globe.

Inside the Big Tent

(Cross-posted from the European Public Policy Blog)

At our European Zeitgeist event, held annually near London, we traditionally erect a large marquee for a partner dinner and entertainment. This year we wondered if there was anything else we could do with the space once Zeitgeist was over. In that instant, the Big Tent was born.

Canvas aside, the term "big tent" has, of course, a political connotation. Wikipedia defines it as "seeking to attract people with diverse viewpoints...does not require adherence to some ideology as a criterion for membership." That just about sums up the idea behind last week’s Big Tent conference, which focused on debating some of the hot issues relating to the internet and society.

We invited the advocacy groups Privacy International and Index on Censorship—both of whom have criticised Google in the past—to partner with us in staging the debates, and sought diverse viewpoints among the speakers and the delegates.

Topics on the agenda included: what was the role of technology in the revolutions in the Middle East? What are the limits of free speech online? Do we need tougher privacy laws or are we in danger of stifling innovation? Can technology and access to information be used to help prevent conflict?

The result was a stimulating day of debate featuring the likes of Big Brother television producer Peter Bazalgette, Mumsnet founder Justine Roberts and the U.K. Culture Secretary Jeremy Hunt alongside Googlers including Eric Schmidt, Google Ideas’ Jared Cohen and the Egyptian activist Wael Ghonim, and a highly engaged and knowledgeable audience of NGOs, policy advisers, tech businesses and journalists.



You can watch highlights on YouTube and see event feedback on Twitter. We hope to bring the Big Tent to other regions over the coming year.

An update on Buzz

User trust really matters to Google. That’s why we try to be clear about what data we collect and how we use it—and to give people real control over the information they share with us. For example, Google Dashboard lets you view the data that’s stored in your Google Account and manage your privacy settings for different services. With our Ads Preferences Manager, you can see and edit the data Google uses to tailor ads on our partner websites—or opt out of them entirely. And the Data Liberation Front makes it easy to move your data in and out of Google products. We also recently improved our internal privacy and security procedures.

That said, we don’t always get everything right. The launch of Google Buzz fell short of our usual standards for transparency and user control—letting our users and Google down. While we worked quickly to make improvements, regulators—including the U.S. Federal Trade Commission—unsurprisingly wanted more detail about what went wrong and how we could prevent it from happening again. Today, we’ve reached an agreement with the FTC to address their concerns. We’ll receive an independent review of our privacy procedures once every two years, and we’ll ask users to give us affirmative consent before we change how we share their personal information.

We’d like to apologize again for the mistakes we made with Buzz. While today’s announcement thankfully put this incident behind us, we are 100 percent focused on ensuring that our new privacy procedures effectively protect the interests of all our users going forward.

Celebrating Data Privacy Day

(Cross-posted on the Public Policy Blog)

It’s become a welcome tradition: Today is the fourth annual Data Privacy Day. Dozens of countries have been celebrating with events throughout the week to inform and educate us all about our personal data rights and protections.

This is the first year I’ve marked this day as director of privacy across both engineering and product management at Google. I’ve chosen to spend the day in Washington, D.C., where there’s a been a lot of robust and productive discussion lately. People from Congress, the Federal Trade Commission, the Department of Commerce, and industry and consumer groups have been contributing to these important conversations about how to best protect people’s data, and we’re happy to be participating too. I’m doing my part by bringing my geek sensibilities into a public discussion that we’re hosting today. In fact, that’s what we’re calling it: “The Technology of Privacy: When Geeks Meet Wonks.” I’ll be joined on the panel by technologists from the Electronic Frontier Foundation, the Federal Trade Commission and the National Institute of Standards and Technology. If you can’t attend in person, don’t worry—we’ll be uploading a video of the event later in the day on our Public Policy blog and you’ll also be able to see it on the Google Privacy Channel on YouTube.

On this Data Privacy Day, a major focus for Google is on creating ways for people to manage and protect their data. We’ve built tools like the Google Dashboard, the Ads Preferences Manager and encrypted search, and we’re always working on further ideas for providing transparency, control and security to empower our users. For example, earlier this week we launched an extension for Chrome users called Keep My Opt-Outs, which enables you to opt out permanently from ad tracking cookies. And pretty soon we’ll be extending the availability of 2-step verification, an advanced account security solution that is now helping protect more than 1,000 new accounts a day from common problems like phishing and password compromise. Right now it’s available to Google Apps Accounts; we’ll be offering it to all users in the next few weeks.

Data Privacy Day 2011 reminds us that as industry and society are busy moving forward, we face new challenges that together we can tackle through conversation and innovation. We’re eager to be part of the solution.

Creating stronger privacy controls inside Google

(Cross-posted on the Public Policy and European Public Policy Blogs)

In May we announced that we had mistakenly collected unencrypted WiFi payload data (information sent over networks) using our Street View cars. We work hard at Google to earn your trust, and we’re acutely aware that we failed badly here. So we’ve spent the past several months looking at how to strengthen our internal privacy and security practices, as well as talking to external regulators globally about possible improvements to our policies. Here’s a summary of the changes we’re now making.
  • First, people: we have appointed Alma Whitten as our director of privacy across both engineering and product management. Her focus will be to ensure that we build effective privacy controls into our products and internal practices. Alma is an internationally recognized expert in the computer science field of privacy and security. She has been our engineering lead on privacy for the last two years, and we will significantly increase the number of engineers and product managers working with her in this new role.

  • Second, training: All our employees already receive orientation training on Google’s privacy principles and are required to sign Google’s Code of Conduct, which includes sections on privacy and the protection of user data. However, to ensure we do an even better job, we’re enhancing our core training for engineers and other important groups (such as product management and legal) with a particular focus on the responsible collection, use and handling of data. In addition, starting in December, all our employees will also be required to undertake a new information security awareness program, which will include clear guidance on both security and privacy.

  • Third, compliance: While we’ve made important changes to our internal compliance procedures in the last few years, we need to make further changes to reflect the fact that we are now a larger company. So we’re adding a new process to our existing review system, in which every engineering project leader will be required to maintain a privacy design document for each initiative they are working on. This document will record how user data is handled and will be reviewed regularly by managers, as well as by an independent internal audit team.
We believe these changes will significantly improve our internal practices (though no system can of course entirely eliminate human error), and we look forward to seeing the innovative new security and privacy features that Alma and her team develop. That said, we’ll be constantly on the lookout for additional improvements to our procedures as Google grows, and as we branch out into new fields of computer science.

Finally, I would like to take this opportunity to update one point in my May blog post. When I wrote it, no one inside Google had analyzed in detail the data we had mistakenly collected, so we did not know for sure what the disks contained. Since then a number of external regulators have inspected the data as part of their investigations (seven of which have now been concluded). It’s clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords. We want to delete this data as soon as possible, and I would like to apologize again for the fact that we collected it in the first place. We are mortified by what happened, but confident that these changes to our processes and structure will significantly improve our internal privacy and security practices for the benefit of all our users.