Google's new privacy policy has a loophole a good lawyer could manuver a battleship through:
We do not rent or sell your personally identifying information to other companies or individuals, unless we have your consent. We may share such information in any of the following limited circumstances:
...
* We have your consent.
...
* We conclude that we are required by law or have a good faith belief that access, preservation or disclosure of such information is reasonably necessary to protect the rights, property or safety of Google, its users or the public.
What happened to "Do No Evil?" I sure hope that my GoogleAnon Bookmarklet is working.
Posted by Geodog at July 2, 2004 04:04 PM | TrackBackMy apologies, but my web hoster has turned off commenting, due to a flood of obscene spam bringing the server to its knees. I hope to have this weblog transitioned over to Wordpress in the near future, so that I can have commenting up and working again. Until then, please feel free to send me your comments via my email contact form.. Please ignore everything below this comment.
The sub-clause you highlight is pretty common these days (though not usually with the "good faith" bit[1]), and it seems likely that a good lawyer is already crawling over Google in preparation for their post-IPO existence.
Using "if in our own interests" as an exception alongside "with your consent" seems startling, but it has a long pedigree (I think it's transposed from the legally enshrined exceptions to a Bank's implied duty of confidentuality, or perhaps from older common roots).
[1] Actually that hasn't yet made it to the Gmail-specific privacy policy
The 'battleship' test is probably whether Google would lose a class action suit if they used that clause as a loophole for, say, disclosures for marketing purposes. There's a wealth of precedent for what that clause means, and so I think they would lose such suit.
Of course if Google turned evil, they wouldn't bother abusing that clause, they'd simply use the "Changes to this Policy" clause to permit themselves to do whatever they wanted first.
Contractual protections which include unilateral change provisions are only ever as good as the party making them. Who better to trust than Google, amongst large commercial organisations? (Sorry, 'Google of a few years ago' is not allowed as an answer ;).
But for real protection (of this nature), there is no substitute for the law. Oh, and some self-help: I'm glad you like the GoogleAnon Bookmarklet :)
Speaking of Gmail, the current draft of Liz Figueroa's California law, which seems to be proceeding unopposed, isn't a bad attempt at long-term protection.
Never mind that it's now the opposite (a pro-Gmail law) of where she started (a Gmail killer), nor that it bizarrely mandates Google's "Sponsored Links", i.e. adverts, but appears to preclude their "Related Pages", i.e. unadulterated links. It's core is that Gmail scanning lives under this yoke :-
"(1) The provider does not retain for any purpose, personally
identifiable information or user characteristics obtained, derived,
or inferred from the review, examination, or other evaluation of
e-mail or instant messages, including, but not limited to, personally
identifiable information or user characteristics derived from the
contents of any e-mail or instant message, in whole or in part.
(2) The provider does not permit an employee or other natural
person to have access to the information, except as described in
subdivision (d).
(3) The provider does not transfer the information to third
parties for any purpose"
Still and all, it's best to separate your Gmail history from your surfing history. By being one of many known to Google as ID=0000000000000000 ;)
Milly
Posted by: Milly on July 3, 2004 03:23 AM