The news that Google will be consolidating its privacy policies and the information that it collects from users across its services has raised fears about privacy. A bipartisan group of eight members of the U.S. House of Representatives publicly expressed concern about these policies, and Rep. Ed Markey has asked the Federal Trade Commission to investigate whether the policies violate the terms of the 2011 Google Buzz settlement.
Google has responded with a defense of its new policies as simplifying the user experience by consolidating the policies of its many products and by using the accumulated data to provide more relevant advertising and search results to its users. It also suggests some basic workarounds for users concerned about their privacy.
There are clear tradeoffs involved in the new privacy policy, but what does it suggest for the growing problem of data privacy more generally? Despite the seeming novelty of privacy problems in the age of the Internet, we can learn a few lessons by turning to privacy problems at the beginning of the information age. In 1964 the Bureau of the Budget and the National Archives jointly took over the creation of the proposed National Data Center, which would centralize the storage and processing of information across government agencies. Yet the inefficiencies in data processing that motivated this project also provided basic privacy protections for individuals. If the premise behind centralizing data was that it would reduce redundancies in data collection and provide a wider range of information to agencies, the premise behind the opposition was that information should only be available on an as-needed basis. Congressional opposition to the National Data Center was led by Rep. Cornelius Gallagher of New Jersey. By the end of 1967 the civil libertarians had killed off the data center. This victory created immediate problems for the privacy movement: instead of having one body in charge of creating standards for handling information, there were now many such standards. The protection that came from decentralization could not necessarily match the protections that could be created through good policy. (For more on the National Data Center, see Arthur R. Miller, The Assault on Privacy (Ann Arbor: University of Michigan Press, 1971).)
Google, of course, is not the state. The power to target advertisements is not the state’s police power, and those of us interested in privacy in the digital age do ourselves no favors by failing to acknowledge this. At the same time, the reassurances from Google that multiple accounts are sufficient to compartmentalize the presentation of our digital selves do not ring true. Our lives are not so easily compartmentalized, and for better or worse, the internet has become an integral part of contemporary life. In thinking about where privacy policies should be, we should hold as our ideal a notion of privacy that accords with our actual practices, not merely with the convenience of internet companies.
We are not wrong to demand greater control over the use of information gathered in bulk as we wander the web. Without denying the importance of Google as a platform for advertising (and I certainly don’t begrudge them their need to bring in revenue), or their interest in tailoring search results to be useful to us, these uses do not come close to fully describing the ways in which we have incorporated this technology into our lives. In much the same way, the hopelessly limited description of identity invoked by Mark Zuckerberg (on which, see Zadie Smith’s probing essay) points to a fundamental tension between Facebook’s mission as a company and its uses by an endlessly diverse population of users. Control of user data is not only about data owned by one tech company or another, but about the definition of the self on the internet. These websites are partly products within a marketplace, but their significance to their users extends much farther than that definition suggests. The legal regime for data protection should be designed accordingly.
The new Google privacy policy therefore creates the possibility of establishing greater public control over the use of user data on the internet, as well as the possibility of losing even more ground on privacy matters. Centralization raises the stakes of the debate. These days it does not seem promising to turn to the state to protect civil liberties. But if the problem is that data privacy policies have been left to the companies that use the data, we may have few alternatives. Unfortunately, Congress has given us little reason to hope that it will craft wise legislation to protect privacy. Until then, we can look forward to continuing the cycle of outrage over relaxed privacy policies, followed by assurances of good intentions on the part of internet companies, followed by our acceptance of the status quo.
Trackbacks/Pingbacks