Google and Privacy Laws
Google and many services like it, over free applications, such as email, analytics, search portals, etc., in hopes of attracting users to their site, collecting their information and then monetizing their personal information to help in marketing and advertisements. This is a fairly standard practice among these large internet giants that unbeknownst to some users, their information is being collected and potentially sold to companies without their verbal or signed consent. Instead consent is implied by using these services. Is this an ethical path for a company like Google?
First, how does Google track this information? Google, across mobile and desktop, gathers information utilizing a third-party tracking tool, such as DoubleClick (a large ad network), who then sells the data to other advertisers. Essentially, Google owns the data but DoubleClick sells the data to marketers. In order to gather this information Google and DoubleClick utilize code, such as cookies, spyware or Web Bugs. For an example on how these work, Web Bug is a piece of code that allow advertisers to track information invisibly since it is not stored on the computer. They can even track a user from one website to another website and can even see how down a user scrolls on a page. (Goldfarb & Tucker, 2011).
Now that we understand how Google is collecting the information, what has been the public and government's response? One of the first laws/cases regarding this issue in the United States was in the "Do Not Track Online Act of 2011". The proposed bill wanted to bolster the FTC (Federal Trade Commission) to create lows on the collection and use of user's information. Unfortunately, the law was not enacted. (Erramilli, 2012).
Abroad, specifically in Europe, have had more success instilling tougher laws on internet privacy. Below are a few examples of these laws and initiatives:
- European Union: “Privacy and Electronic Communications Directive”: This law, originally passed in 2002 with amendments continuing through 2011, manages internet services and users' rights with electronic communications and services. It also manages the storing and mining of personal data and protects the privacy of all users. It is up to the government to enforce these consumer protection laws. (Directive 2009/136/EC of the European Parliament and of the Council, Nov. 25, 2009)
- France: June 2004, “Trust in Computer Processing in the Economy Act": This act manages internet services and users' privacy in relation to electronic communications and services. It is meant to protect personal data and privacy online. It is up to the government to enforce these laws. (Directive 2009/136/EC, Article L. 34-5 of the Code of Post and Telecommunication)
- Germany: June 2005, Telecommunications Act in 2005 and then replaced by the German Telemedia Act in 2007: The original 2005 Act was to establish parameters for the exchange of electronic information and online communication. The Act of 2007 kept the majority of the 2005 Act intact with the exception of a few consolidations or programs. The purpose of this Act is to establish uniform economic conditions for the various applications of electronic information and communication services. (Sokoll & Enaux, 2007)
- Italy: January 2004, The consolidated Data Protection Code: This act encourages companies to use non-personal data whenever applicable, to notify the user when possessing high risk data and for websites to have a "complaint" section for users to give feedback. (Data Protection Code - Legislative Decree no. 196/2003)
Along with a public response there has been a private response to companies tracking your personal information. Private companies like mydex.org and i-allow.com offer a paid service to work in-between the marketers and the users. These companies work with the users to signal acceptance to the marketers that they are allowed to use the user’s information. (Goldfarb & Tucker, 2011).
There is a lot of momentum around the protection of user data and privacy, which I believe is the correct pathway. However, even with all these public and private stances on limiting data mining, I do not find it unethical. I am receiving a multitude of services in exchange for how I shop, what I click through, how long I stay on a page, what my profession is, etc. All information I willingly give on Facebook and would probably tell any acquaintance. In fact through my blog I am mine data every day, I see how often users read my blog, how long they stay on my page and while I don't sell their data to someone else, I have used this data to make my blog more effective and more well-read. You cannot expect to receive all of these services without any form of payment. If I do not agree to these terms then I will not use their services, as I would with any other service agreement.
However, for those who do want to more energy put towards verbally or written internet user consent there are a few potential solutions.
- Google and other content providers could provide an options where they can charge for using the website/services and in return would not collect personal data on the user. However, the allure of free services probably trumps any service from doing this.
- Users can install browser blocks, like adblock, to block content providers from mining their information and data.
- For some browser, there is a "do not track" option, which one could indicate in order to not have their information mined. (Chrome does not support this option, surprised?)
- Companies, like Privad, offer a solution where the most personal data stays to the device. It is a transactional privacy where the user can share information that they want and the user gets paid for what they share. (Erramilli, 2012)
Even though I have described a variety of public and private methods to preserve privacy, and even methods for a user to personally preserve their information I do not find it unethical for companies like Google to track and sell my data. These companies should receive compensation for their services and gathering data is their preferred method. I personally benefit from their practices and even take part in these practices to increase the readability of my blog. Also, it is not up to the company to hand hold users into what a service agreement is and should be up to the user to figure out what they are paying and what they are getting in return. However, I am glad there are resources for individuals who are not comfortable with their personal information being shared, and that is what is great about the internet - it is up to you whether you want to use it and how to use it.
References:
Directive 2009/136/EC, Article L. 34-5 of the Code of Post and Telecommunication
Directive 2009/136/EC of the European Parliament and of the Council, Nov. 25, 2009
Erramilli, V. (2012). The tussle around online privacy. IEEE Internet Computing, 16(4), 69-71. doi:10.1109/MIC.2012.92
Goldfarb, A., & Tucker, C. E. (2011). Privacy regulation and online advertising. Management Science, 57(1), 57-71. doi:10.1287/mnsc.1100.1246
Sokoll, K & Enaux, C. (2007). Germany - New Telemedia Act Introduced. Linklaters. Retrieved on February 23, 2015 from: http://www.linklaters.com/Insights/Publication1403Newsletter/PublicationIssue20070324/Pages/PublicationIssueItem2217.aspx
