Google Focuses on Privacy in Every Way but the Ones that Count

Google (GOOG) finally admitted that it "mistakenly" gathered not only fragments of data during its extended drive-by Wi-Fi data vacuuming, but also "in some instances entire emails and URLs were captured, as well as passwords."

No, really? Who'd have thought it? Well, almost anyone who gave more than a minute or two of consideration to the issue. So now Google plans to make everything good by adding a director of privacy, but also additional employee training and a new compliance process. Perhaps the combination will have a positive effect on what Google does, but it all fights against a significant problem: Google needs consumer personal data to make money. And when it comes to principle versus principal, guess which one wins.

The now admitted and established fact that Google had snapped up private data in its quest to own all information everywhere is hardly a shock. Not only was it clear practically from day one that the company likely had snagged information that people would consider sensitive, but also that the problem could extend from privacy issues into potential wiretapping. That Google might walk away from the massive mess with nary a hair out of place was absurd. Something had to change.

However, as happens with so many companies, the need for change stands in sharp contrast with the need to continue doing exactly as before. On one hand, Google touts its new three-part approach to privacy, as the company explained on its official blog:

  • "First, people: we have appointed Alma Whitten as our director of privacy across both engineering and product management. Her focus will be to ensure that we build effective privacy controls into our products and internal practices. Alma is an internationally recognized expert in the computer science field of privacy and security. She has been our engineering lead on privacy for the last two years, and we will significantly increase the number of engineers and product managers working with her in this new role."
  • "Second, training: All our employees already receive orientation training on Google's privacy principles and are required to sign Google's Code of Conduct, which includes sections on privacy and the protection of user data. However, to ensure we do an even better job, we're enhancing our core training for engineers and other important groups (such as product management and legal) with a particular focus on the responsible collection, use and handling of data. In addition, starting in December, all our employees will also be required to undertake a new information security awareness program, which will include clear guidance on both security and privacy."
  • "Third, compliance: While we've made important changes to our internal compliance procedures in the last few years, we need to make further changes to reflect the fact that we are now a larger company. So we're adding a new process to our existing review system, in which every engineering project leader will be required to maintain a privacy design document for each initiative they are working on. This document will record how user data is handled and will be reviewed regularly by managers, as well as by an independent internal audit team."
It sounds all well and good until you read more closely. Whitten has apparently been there for a couple of years as Google's engineering lead on privacy. Did the company simply pay no attention? A title won't make any difference without substantial and forceful support from the top. Neither will training, nor a compliance review system. The reason is money.

Google depends on keeping data about consumers to help make it more competitive in search, which is, after all, its bread and butter business. For example, the company presumably continues to scan Gmail traffic to see what people have written:

All email services scan your email. They do this routinely to provide such popular features as spam filtering, virus detection, search, spellchecking, forwarding, auto-responding, flagging urgent messages, converting incoming email into cell phone text messages, automatic saving and sorting into folders, converting text URLs to clickable links, and reading messages to the blind. These features are widely accepted, trusted, and used by hundreds of millions of people every day.

Google scans the text of Gmail messages in order to filter spam and detect viruses, just as all major webmail services do. Google also uses this scanning technology to deliver targeted text ads and other related information. This is completely automated and involves no humans.

It is important to note that the ads generated by this matching process are dynamically generated each time a message is opened by the user--in other words, Google does not attach particular ads to individual messages or to users' accounts.

When email messages are fully protected from unwanted disclosure, the automatic scanning of email does not amount to a violation of privacy. Neither email content nor any personal information is ever shared with other parties as a result of our ad-targeting process.

But who needs to share when the point is to own the information and then use it to better serve ads? You don't want your customers -- the advertisers that pay money -- to no longer need you. Google tracks searches and ad displays (remember that it owns Doubleclick) and virtually anything else people use the company for.

None of that is going to stop, and I'd argue that the potential for breaching someone's privacy is far stronger there. And it's not as if Google has been a simple privacy rube, making one innocent mistake after another, as I've explained before.

A constant in management is that no matter what rules a company sets, employees and managers will do what they must to ensure the continuation of their compensation. Unless and until a significant portion of how Google pays employees depends on supporting privacy, there will be no change at the company and all of its current improvements will be only so much window dressing.


Image: Flickr user rpongsaj, CC 2.0.