It’s starting to feel a bit like déjà vu. Barely a week seems to go by these days without Google coming under pressure over its privacy policies.
And while the furore over their plans to provide censored searches in China continues to rumble on, the last few days has seen the internet behemoth coming under pressure over both Gmail privacy and the privacy of kids on YouTube.
Outside apps can still read your Gmails
Both stories come ahead of a Congressional hearing on privacy next week when Google is clearly expected to take a pretty big verbal kicking from US Senators. Perhaps trying to blunt the sting of that showdown, a letter from Google to three US Senators has gone public.
In the letter, Google confirms that it does still let some outside apps access the content of Gmail users’ emails. We reported back in July on the Wall Street Journal’s report into this, which was described at the time as ‘tech’s dirty secret’.
At the time, Google responded by saying that all such apps were carefully vetted, and users had to grant permissions before they could answer content, but as we pointed out in that previous article, many of the privacy controls needed to manage this are hidden away pretty well by Google.
It is also notable that Google has also stopped using the content of Gmail’s for advertising purposes for all users last year. Nevertheless, Google continued to push the old line of defence in the newly released letter from Google vice-President Susan Molinari.
She insists that app developers must be transparent about how they use this data. That all sounds fine in theory, but the big question is how it works in practice. The WSJ report in July highlighted how some apps were reading email content manually for things like staff training and building new app features.
It is safe to say that no Gmail user is going to have knowingly signed up for their emails to be used in that way. It will be interesting to see how much the Senate Committee can dig don into this issue later this week.
Does YouTube violate kids’ privacy?
Separately, two US Congressmen, have written to Google CEO Sundar Pichai this week to raise the issue of online privacy for children using YouTube.
The letter, which has been sent by Rep. David Cicilline (D: Rhode Island) and Rep. Jeff Fortenberry (R: Nebraska) has enquired how much data Google collects about child users.
Their letter comes in the wake of a complaint to the Federal Trade Commission (FTC) which has come from a number of privacy activists.
They have argued that YouTube is in violation of the Children’s Online Privacy Protection Act (COPPA). COPPA is a piece of legislation which bans child-oriented websites from collecting personal information from children under the age of 13 without their parents’ consent.
Google has registered a fairly straightforward defence of this case, arguing that YouTube is not for children aged under 13 and pointing out that they have a separate app, YouTube kids, which is targeted at that age group.
The privacy campaigners have pointed out that, in reality, millions of kids still use the main YouTube site for watching content and are therefore subject to the same data harvesting that all YouTube and Google customers face as the company looks to maximise its advertising revenue.
They also point out that all of the content that is available on YouTube Kids, plus more, can be accessed through the main YouTube site and that Google doesn’t do enough to push young users to their child-friendly service.
The FTC has yet to confirm if it will be carrying out an enquiry, but they are under pressure to do so, not least because many children’s activists have already accused them of not doing enough to enforce COPPA.
Google’s response to that letter is likely to come after this week’s Congressional hearing, but it all adds to the privacy pressure that is being piled on the company and serves to raise awareness of online privacy issues among Google users.
It will be intriguing to see whether Google can emerge from this period with its reputation intact, or whether in the wake of their decision to drop the corporate ‘Don’t be Evil’ motto, their dreadful reputation for protecting user privacy will be shredded even more.