Google France SARL
38, avenue de l'Opera
Main: +33 (0) 1 42 68 53 00
Fax: +33 (0) 1 53 01 08 15
Australian Privacy Commissioner
Paris, February 29, 2012,
Dear Commissioner Pilgrim,
Thank you for your letter of February 23, 2012 on behalf of the Asia Pacific Privacy Authorities about Google's plans to update our privacy policies by consolidating them into one document, publicly available on our site at www.google.com/policies/privacy/preview. We are responding directly to you, respectfully requesting that you distribute this response amongst your fellow APPA members who co-signed your letter.
There are several other key points that we appreciate the opportunity to clarify:
Our users can use as much or as little of Google as they want. For example, a user might have a Google Account and choose to use Gmail, but not use Google+. Or she could keep her data separated with different accounts — for example, one for YouTube and another for Gmail.
We will continue to offer our data liberation tools. Our users will continue to have the ability to take their information elsewhere quickly and simply (more information about data liberation is available at www.dataliberation.org).
There are two reasons why we're updating our privacy policies: to make them simpler and more understandable, and to improve the user experience across Google.
The first reason is simplicity. Google started out in 1998 as a search engine, but since then, like other technology companies, we've added a whole range of different services. Gmail, Google Maps, Google Apps, Blogger, Chrome, Android, YouTube, and Google+ are just a few of our many services now used by millions of people around the world.
For example, today we make it easy for a signed-in user to immediately add an appointment to her Calendar when a message in Gmaillooks like it's about a meeting. As a signed-in user she can also read a Google Docs document right in her Gmail, rather than having to leave Gmail to read the document. Our ability to share information for one account across services also allows signed-in users to use Google+'s sharing feature — called "circles" — to send directions to family and friends without leaving Google Maps. And a signed-in user can use her Gmail address book to auto-complete an email address when she's inviting someone to work on a Google Docs document. These are just a few examples of how we make our users' experience seamless and easy by allowing information sharing among services when users are signed into their Google Accounts.
People can still set up multiple accounts to manage multiple identities, move data between those accounts with Data Liberation tools, and prevent information from one account from being used to personalize another account. If Jane wants to use Google Docs and keep that separate from her personal Google+ account, she may create a firstname.lastname@example.org account that she uses for Docs, and a email@example.com account that she uses for sharing on Google+.
In your letter, you note that the new policy does not include specific data retention deadlines for user data, in contrast to some product-specific privacy policies in the past. In particular, you mention Google Health which, as you may know, is in the process of being shut down.
We make good-faith efforts to provide our users with access to their personal information and to delete such data at their request, if it is not otherwise required to be retained by law or for legitimate business purposes.
Our data archiving system was originally built to provide highly reliable data retention in order to prevent data loss in case of failures, which must be balanced against deletion requests. After receiving a deletion request from a user, archived copies will expire and the archival system has mechanisms to subsequently overwrite expired archived data. So, while immediate deletion is not always practicable due to the way this archiving system operates, Google has processes in place to remove user data from active serving systems within a reasonable period of time after a user asks us to close his or her Google Account.
Android users will continue to have many choices about whether and how they use Google services on their devices.
Android users can access nearly all of the functionality of their device without a Google Account. They can use the phone to place calls, send text messages, browse the web, download applications from third party markets, use third party applications, and use Google applications that do not require account authentication such as Google Maps. In addition to the Gmail application, users can use alternate email services on Android phones through the open-source Android email application, through the web browser, or through specific email client applications, such as Yahoo! Mail or Microsoft Hotmail for Android.
Some Google applications such as Android Market and Gmail require authentication with a Google Account in order to provide the service. For example, users must remain logged into an email client in order to receive their email in real time; otherwise, there is no means by which the email client can retrieve messages from the server for the end user.
If a user chooses to log into her Google account on her Android device, she has many options available to control how Google uses her information, similar to the desktop experience.
For example, from an Android phone, a user can access the same search history functionality that exists on the desktop. The mobile application automatically links to the web browser, where the user manages the search settings in exactly the same browser interface for mobile and desktop. In the browser, a user can turn search history on or off, edit queries, or delete the history entirely. Android users can also use the incognito mode in the browser to avoid the storage of any browsing history on their devices.
Thank you for your thoughtful questions, and I hope that this has resolved your concerns. In any case, we are committed to an on-going constructive dialogue with the members of APPA, and in that spirit, I welcome the opportunity to work with you in the future to ensure the highest levels of privacy protection for our users.
Global Privacy Counsel
Société à Responsabilité Limitée unipersonnelie au capital de 7,500 €
443061 841 R.C.S. PARIS - SIRET : 443 061 841 00039 - APE 724Z
TVA intra: FR 6444 3061 841 00021