Consumers angered as Google further undermines the privacy of half a billion Gmail accounts

957By Simon Davies

Google is under fire over its decision to further weaken the privacy of Gmail users as part of the company’s new integrated terms of service. This is the latest in a sequence of controversial moves intended to force-feed the population base of Google+ by “opting-in” the users of other Google services to the company’s social network.

The aim of this latest strategy is to allow strangers on Google+ to email Gmail users even if their Gmail address isn’t known to those strangers. The initiative is likely to irritate European privacy authorities who have already ruled Google’s new terms of service unlawful. Of more immediate consequence, the move is almost sure to lead to scrutiny by the US Federal Trade Commission over likely violation of a pre-existing privacy commitment by the company.

Buzz was forced to buzz off

Buzz was forced to buzz off

Four years ago Google launched a social network called “Buzz“. The service had some potential, but instead of building the project through clean promotion – spreading the word and asking users to sign up for it – Google chose instead to co-opt Gmail users to the new service without their consent.

When this tactic was criticised by irritated users Google somewhat arrogantly responded that if people didn’t like being opted-in, they were free to opt out. Of course this assumed that users even knew they had been press-ganged into the new service in the first place or that they knew how to opt out of it.

Things went downhill fast. Private e-mail addresses were published as social network contacts and there was a huge negative response from users. The Federal Trade Commission investigated the outrage, forcing Google to reverse its strategy. The company finally settled with the FTC and agreed not to force users into new services that they haven’t signed up for. The resulting “decree” was a binding commitment.

Now Google appears to be pursuing an almost identical policy, flouting the decree and defying the FTC.

Last week the company announced that it was linking the inboxes of nearly half a billion Gmail accounts to Google+ users. By using Gmail addresses to autocomplete messages from Google+ users, Google has given total strangers a way to make contact with users through Gmail. This move significantly reduces privacy for Gmail users.

Put simply, if Gmail users want to maintain their current expectations of privacy, the company has unfairly required them to opt out of a service they never signed up for.

This move is partly aimed at combating Facebook, but it’s also an inevitable consequence of Google’s integration of user data across all services – a policy change has been declared unlawful in several European countries. The data aggregation allows Google to target more advertising and conduct more detailed profiling of users.

Facebook’s advertising strategy worries Google. The social networking giant has posted substantial revenue improvements in its mobile ad business, and its aggressive ad-sales narrative could be chewing into Google’s margins. However both companies are leveraging their ad sales on the basis of what they know about customers. Google’s entire business model, based on universal aggregation of all its customer information, results in decreasing autonomy for users.

The consequences for privacy are dangerous. Google’s action means the personal information of users will become more widely available. There is an overwhelming case that in doing so, Google has exploited its dominant position to stifle competition and expand its hold on the market even further.

Put simply, if Gmail users want to maintain their current expectations of privacy, the company has unfairly required them to opt out of a service they never signed up for.

This latest strategy could, unusually, escape direct regulatory action in Europe, if for no other reason than the Gmail addresses themselves will not – this time – be made known to strangers. The same temporary safety cannot be applied to initiatives such as “Shared Endorsements”, over which The Privacy Surgeon recently lodged complaints with fourteen EU data protection authorities. Of greater relevance is the fact that Google’s refusal to abide by its commitment to the FTC means the company’s commitments to Europe cannot be trusted.

In consistently ruling Google’s actions unlawful, European privacy authorities have made the point that users should be free to opt in to services that they choose. However, those who value privacy should not be required to be constantly vigilant every time the company introduces a new product or a service change under its universal privacy policy.

There’s a huge question hanging over what might come next.

These initiatives underscore the consequences of linking data across all Google services – a development that has angered regulators in Europe and resulted in multi-national action in the region. And at a moment when Europe is deciding on its new privacy framework, each compounding controversy by Google adds weight to calls for strengthened protections against privacy violations by the advertising giant. However the unfair competition implications may be of more immediate interest to Europe.

These tactics are central to The Privacy Surgeon’s current appeal to the European Commission over its refusal to disclose documents relating to the current EU competition investigation of Google – an investigation that we believe has not taken such unfair actions (or indeed privacy itself) into account.

The Privacy Surgeon has accused the EU competition authority of complacency over privacy issues, warning that the terms of the present inquiry are narrow and the authority has failed to take into account the full spectrum of issues. Google’s breach of the FTC Buzz decree is testament to the company’s unrelenting antagonism to both privacy and fair competition.

And of course there’s a huge question hanging over what might come next. Google has the world’s largest search database and could use that information to extend its intrusion even further. On this point both the FTC and European authorities should be on high alert.