This article is written by Shrikar Ventrapragada pursuing Diploma in Cyber Law, FinTech Regulations, and Technology Contracts from LawSikho.
Table of Contents
Google is the undisputed king of search engines, with approximately 4.39 billion internet users, it said that there are nearly 4 billion people who use Google. Google dominates the internet, giving results to users to the information they seek through an ocean of data with astonishing accuracy and speed. But on the other hand, not only does Google record our search queries but also stores our emails (Gmail), photos (Google photos), videos (YouTube), and the list goes on and on.
Google has access to the past caches of huge amounts of personal information which makes them a serious threat to a privacy data leak. Google has access to the users’ interests, desires, wants, needs, and what not. And to add the cream to the cake, all this data is being logged and maintained in a very firm and protected environment.
In 2014, Google’s privacy practices and its policies were ranked as the worst out of the top 20 leading internet service providers. The list included the likes of Microsoft, Yahoo, Amazon, and eBay. Google’s privacy practices were termed as “an endemic threat to privacy” and they failed to practice the basic generally accepted principles of privacy practices such as the OECD privacy.
In 2018, Google witnessed a major scandal when the engineers at the company found out about a major software leakage within its Google+ programming interface. Over half-million, user’s data was compromised.
Now in 2021, let’s see how Google has maintained its privacy policies and laws with the evident change in technology.
Google is a limited liability company based out of the United States but functions all around the globe. It is considered to be one of the five big tech companies along with Amazon, Facebook, Apple, and Microsoft. The company can now be found on almost all the continents. Hence which makes it a compulsion for it to comply with all the data privacy and information laws of each of the countries.
The services of Google regularly undergo the scrutiny of verification of security, privacy, and compliance controls, after which the company earns the certification against the global standards in order to earn the trust of its customers. A few of the elements of the scrutiny are as follows:
- ISO/IEC 27001: The International Organization for Standardization (ISO) is an organization governed by an international membership of 163 national standard bodies.
- SOC: System and Organization Controls which is provided by a certified public accountant, provides confidence and peace of mind for organizations when they engage with third-party vendors.
- PCI DSS: PCI security standards council is a global forum established by the major credit card associations to make sure the organizations create a safe environment for their merchants and service providers.
- GDPR: The GDPR lays out specific requirements and guidelines for businesses and organizations that are established in Europe or whose customers are from Europe.
- Ministry Of Electronics and Information Technology: The Meity lists down the mandatory categories of services to check listed before offering services to the Indian citizens.
Principles of data protection followed by Google
Google aims to build an environment that satisfies the needs of everyone who accesses it. Protection of the users’ privacy and security is their prime responsibility which obviously comes with, after the main objective of providing services that are free and accessible by everybody. The protection of data is an important factor as technology progresses and the need of the hour is for the safety of data protection and customer information to evolve.
Google takes the following steps to make sure that the products, process and the customer’s information is kept in an environment which is private, safe and secure.
Respect the user, respect their privacy
The company believes that together they represent a single soul, the belief is that people use their products, they trust them with the information and it’s their right to do their job responsibly. This creates an obligation on Google to always safeguard the data they use, in whichever manner they use and to protect it.
Be crystal clear about whatever they collect and the reason for such a collection
In order to get full utilisation of the services, Google makes sure that they make it very easy and accessible to understand what data they have collected, how it is being used, and why the data is collected. By being transparent, the company aims to be readily available, understandable, and actionable with the information.
Never sell the user information to anyone
The users’ personal data is never simply on sale, while such information can still be used to provide relevant ads, which in return help Google fund their services and which in return eventually provides free services to its customers.
Making it easy for people to manage their own privacy
When the issue of privacy arises, it is ascertained that one size cannot fit all the data subjects. Hence a Google account is built with on/off data controls, which shall be solely governed by the user him/herself. As the technology evolves so does the company’s privacy controls evolve while ensuring that privacy is always an individual preference that wholly rests in their own hands.
Giving the power to control, review, move or delete their data as they prefer
The user has the access to the personal information that they’ve shared with the company at any point in time and even for any reason. This is why, Google also makes it easy for people to access their data, review their data and even move it to any other choice of service as they prefer to do so. They provide the option to delete the data completely from the database of Google.
Enhanced security technologies in the services
The users trust Google with their personal data because they respect the privacy of their information. In order to maintain the secured service for the users, they have employed one of the most advanced security infrastructures in the world. This basically means to constantly keep on improving the security technologies which can protect and detect, against the evolving online threats, before they can reach the Google servers.
Leading by example to advance online security for all
The company feels that keeping the users safe online does not restrict to Google only, it applies to the whole internet. Google was the first company to create many of the internet security standards that are used by almost all the service-providing companies. They share their security learnings, experience, and even the tools with other organisations. Although it may be possible that they might happen to charge some amount for it, a small cost for a huge cause should not be much of a concern for a lot of organisations.
Privacy policies of Google
Whenever any person accesses the services of Google, they are trusting them with the information. This is a very huge responsibility. They constantly work round the clock to make sure to protect the information and to also make sure that the user is always in control of the data.
The privacy policies ensure to elaborate on the following.
The information they collect
The collection of information is usually made to provide better services to the users, starting from the choice of language and ranging up to the variety of ads according to the preference of the user. The information that Google collects and how they use the information, completely rests on how the user uses the services and how they wish to control the privacy controls.
Whenever the user is inactive, the data is stored with unique identifiers tied to the web browsers or the device the user is accessing Google with. When the user is active the data is stored with his/her Google accounts which are treated as confidential data.
Google also collects the information about the user’s IP address, crash reports, date, time and:
- Activity: In the case of an Android device, if the Google services are used to make or receive a phone call or a text message, the company records the call and messaging log information such as the phone number, dialed number, email address of the sender and the recipient and also the duration of the calls.
- Location: The information about the user’s location is accessed only when the services of Google are used. This helps the company to offer us features such as directions while driving to a destination. The accuracy of the location is determined by the usage of GPS, IP address, and nearest Wi-Fi access points or telephone towers.
The reason for collecting
The information Google collects from all its services is for the following purposes:
- Providing the services,
- Maintain and improvise the services,
- To emerge with more new services,
- Personalized services depending on the preferences of one’s feed,
- Analysing its performance,
- Interaction with its users,
- For the protection of Google and its users.
How the user can handle and access the information.
The user is given the complete choice regarding his/her information the company collects and also the choice of how the information is to be used. The user can review and adjust the important privacy settings.
When the user is signed in, they can access, review, update the information by visiting the service’s app you are choosing to use. The user is given the complete choice of how they would like the company to provide them the services if at all they opt for.
The users can also manage their preferences about the ads displayed by Google. They can modify their interests and choose whether their personal information is to be used to ascertain the relevancy of the advertisements.
When the user is signed out, they can manage information related to their browser or the device, they can choose whether their YouTube history is to be tracked or not, by simply visiting the settings on the YouTube website. The user can also determine the ad settings, by managing the preferences about the ads shown by Google.
The user can at any point in time choose to delete their entire information on Google or even specific information from any of Google’s services. In case the user is inactive and cannot access their account, Google allows you to give access to someone else in order to access parts of your Google account.
Search engines are the most important elements on the internet today. For our every other work we look up the data online. Maintaining the privacy of millions of its users is a tedious job, but so are its outcomes and results. Google has a huge base of customers; at the same time, they have a wide range of services available to the customers as well starting from our mobile phones to our laptops and then even for basic necessities. So, when they draft their privacy policies and laws, they need to make sure that they cover all the elements, use the necessary newest technology and make sure that their customers’ personal information is safe and secure.
The company was founded in late 1998, from then until now they have come a long way, have faced a lot of issues but have grown more and more each day. The company now gives the control of the privacy of its customers in their own hands, they choose what information is to be stored, what information is to be processed, and what information is to be discarded.
With the introduction of the new Information and Technology Rules, 2021, all the social media companies in India are mandated to compulsorily have a chief compliance officer, a Nodal contact person, and a resident Grievance officer, whose house of residence shall be in India. Google claimed that the Information and technology Rules, 2021 are not applicable to them as they are not social media platform but are rather a “Search Engine”
Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.
LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join: