Everything is debatable of course, but pretty much on page 1 of Google's privacy page, I see:
We collect information to provide better services to all of our users – from figuring out basic stuff like which language you speak, to more complex things like which ads you’ll find most useful
I object to "ads you'll find most useful" being ok under the category "provide better services to our users". If you accept the premise that better ads are useful, then pretty much everything Google does is for your own good.
What are better ads? Are they ads that really connect with you? Do they change your behavior in some significant way? What makes ads better for the consumer? What makes ads better for the marketer? My answer is that what's good for the marketer is not good for the consumer. Google is optimizing for the marketer (getting better ROI). As long as consumers are told the ads are "unintrusive" they must be good too right? When marketers have a really strong ROI, they can get their ads out there and influence customer behavior. That type of influence is not good - and does not make it better for consumers.
Useful and obtrusive are not mutually exclusive. Is it useful to have only large companies with large ad budgets peddle a slight iteration to their product line as "the next best thing", while smaller companies with a really great (superior) product don't get the exposure. The smaller company would have lower margins because they invest much more in superior materials, QA, R&D, etc. Where the larger company has an advantage because they invest more of their margin on ads. Note: I have an "MX Performance" and I would not recommend that line of mice no matter what the ads originally said.
Google's privacy policy is not misleading but they omit some of the most important information you would expect to find in a privacy policy.
When you sign up for a Google account you give Google your name, date-of-birth (DOB), location and mobile phone number. This is some of your most private and personal details. If you're signed in to your Google account while you browse the web or use your Android phone (or you use the track-everything-you-do Chrome OS), then Google records your browing habits and activity against your account. In many cases, that also gives Google some very private and personal information about you. It's no exageration to say that they know more about your online habits than you know yourself.
Given that, Google omits in their privacy policy:
- how long they keep your activity data before it is erased. Is it 6 months? 12 months? Forever?
- whether they disassociate your identity from your browsing behaviour or web activity when they look at it (i.e is the data anonymised before Google's staff view it?)
- related to the above: who sees your data inside Google? Their Privacy Policy simply states "We restrict access to personal information to Google employees, contractors and agents who need to know that information in order to process it for us and who are subject to strict contractual confidentiality obligations." This is too vague in my opinion particularly when you consider the gargantuan volumes of data Google collects about you.
Let me put it another way: if I asked you for your name, DOB, mobile number and location and then recorded your online activity against that information, wouldn't you expect me to tell you who sees your data, whether that data is anonymised and how long I keep that data about you?
> When you sign up for a Google account you give Google your name, date-of-birth (DOB), location and mobile phone number. This is some of your most private and personal details
> Information you give us. For example, many of our services require you to sign up for a Google Account. When you do, we’ll ask for personal information, like your name, email address, telephone number or credit card to store with your account
They include that.
> Google records your browing habits and activity against your account
Also clearly explained in the Chrome privacy policy:
> If you sign in to Chrome browser, Chrome OS or an Android device that includes Chrome as a pre-installed application with your Google Account, this will enable the synchronisation feature. Google will store certain information, such as history, bookmarked URLs as well as an image and a sample of text from the bookmarked page, passwords and other settings, on Google's servers in association with your Google Account
> - how long they keep your activity data before it is erased. Is it 6 months? 12 months? Forever?
I agree this would be nice to have more details on but they do detail some of the complexities involved and refer you to specific services pages for more information.
> whether they disassociate your identity from your browsing behaviour or web activity when they look at it
This appears to be really part of your next question:
> related to the above: who sees your data inside Google? ... This is too vague in my opinion
Can you give me an example of a way this could be made less vague in an acceptable fashion? I'm struggling to think of a way they could give me relevant information.
> Let me put it another way: if I asked you for your name, DOB, mobile number and location and then recorded your online activity against that information, wouldn't you expect me to tell you who sees your data, whether that data is anonymised and how long I keep that data about you?
Personally I'd make the decision ahead of time. I do appreciate your point, but only a portion of your post is valid as they are quite clear on a couple of the points.
There's a large difference (imo) between 'misleading' and 'not thorough enough'.
A couple concepts here:
Associating data with your account: This is misleading, because the bulk of information about you isn't associated with your account. Rather, it's stored in other silos associated with a non-account identifier (consider this a way to make it easy to serve more targeted ads to people who don't even have a google account). This non-account identified data can be enriched by account data (when there are co-occurrences of account activity along with non-account identifiers).
The policy is vague and misleading because they should write: "We go to great efforts to track everything we possibly can about people's behavior on the web. We've configured algorithms to connect all the dots and make information about you (found in Service A, Service B, ...) useful. So useful that we can determine enough about you to tailor your online experience in order to influence your decisions when it comes to purchases, brand recognition, political leaning, etc."
And follow it up with:
"We do this even when the influence we have over you may harm your best interests, for the purpose improving ROI for advertisers" (Obviously this line is not conducive to the policy itself, but rather a blunt explanation of the effect of it which people are categorically unaware of)
The policies don't even explain that there is a difference between people seeing your data, and algorithms acting on your data. (Algorithms acting on your data are much more effective than when people do so. But that explanation in this case is lacking - it makes it seems like it's not all connected together, but in reality it is because of how databases work, and how disparate data sets can unique identify a person with enough data)
Are you looking for examples of entire policies or do you mean misleading sentences? Are you not sure why I find them misleading (based on OPs example, et. al.), or do you disagree and find them to not be misleading?
We collect information to provide better services to all of our users – from figuring out basic stuff like which language you speak, to more complex things like which ads you’ll find most useful
I object to "ads you'll find most useful" being ok under the category "provide better services to our users". If you accept the premise that better ads are useful, then pretty much everything Google does is for your own good.