by chestnut-tree 3902 days ago
"Please provide 3 misleading examples."

Google's privacy policy is not misleading but they omit some of the most important information you would expect to find in a privacy policy.

When you sign up for a Google account you give Google your name, date-of-birth (DOB), location and mobile phone number. This is some of your most private and personal details. If you're signed in to your Google account while you browse the web or use your Android phone (or you use the track-everything-you-do Chrome OS), then Google records your browsing habits and activity against your account. In many cases, that also gives Google some very private and personal information about you. It's no exaggeration to say that they know more about your online habits than you know yourself.

Given that, Google omits in their privacy policy:

- how long they keep your activity data before it is erased. Is it 6 months? 12 months? Forever?

- whether they disassociate your identity from your browsing behaviour or web activity when they look at it (i.e. is the data anonymised before Google's staff view it?)

- related to the above: who sees your data inside Google? Their Privacy Policy simply states "We restrict access to personal information to Google employees, contractors and agents who need to know that information in order to process it for us and who are subject to strict contractual confidentiality obligations." This is too vague in my opinion, particularly when you consider the gargantuan volumes of data Google collects about you.

Let me put it another way: if I asked you for your name, DOB, mobile number and location and then recorded your online activity against that information, wouldn't you expect me to tell you who sees your data, whether that data is anonymised and how long I keep that data about you?

1 comments

> When you sign up for a Google account you give Google your name, date-of-birth (DOB), location and mobile phone number. This is some of your most private and personal details

> Information you give us. For example, many of our services require you to sign up for a Google Account. When you do, we’ll ask for personal information, like your name, email address, telephone number or credit card to store with your account

They include that.

> Google records your browsing habits and activity against your account

Also clearly explained in the Chrome privacy policy:

> If you sign in to Chrome browser, Chrome OS or an Android device that includes Chrome as a pre-installed application with your Google Account, this will enable the synchronisation feature. Google will store certain information, such as history, bookmarked URLs as well as an image and a sample of text from the bookmarked page, passwords and other settings, on Google's servers in association with your Google Account

> - how long they keep your activity data before it is erased. Is it 6 months? 12 months? Forever?

I agree this would be nice to have more details on but they do detail some of the complexities involved and refer you to specific services pages for more information.

> whether they disassociate your identity from your browsing behaviour or web activity when they look at it

This appears to be really part of your next question:

> related to the above: who sees your data inside Google? ... This is too vague in my opinion

Can you give me an example of a way this could be made less vague in an acceptable fashion? I'm struggling to think of a way they could give me relevant information.

> Let me put it another way: if I asked you for your name, DOB, mobile number and location and then recorded your online activity against that information, wouldn't you expect me to tell you who sees your data, whether that data is anonymised and how long I keep that data about you?

Personally I'd make the decision ahead of time. I do appreciate your point, but only a portion of your post is valid as they are quite clear on a couple of the points.

There's a large difference (imo) between 'misleading' and 'not thorough enough'.

A couple of concepts here: Associating data with your account: This is misleading, because the bulk of information about you isn't associated with your account. Rather, it's stored in other silos associated with a non-account identifier (consider this a way to make it easy to serve more targeted ads to people who don't even have a Google account). This non-account identified data can be enriched by account data (when there are co-occurrences of account activity along with non-account identifiers).

The policy is vague and misleading because they should write: "We go to great efforts to track everything we possibly can about people's behavior on the web. We've configured algorithms to connect all the dots and make information about you (found in Service A, Service B, ...) useful. So useful that we can determine enough about you to tailor your online experience in order to influence your decisions when it comes to purchases, brand recognition, political leaning, etc." And follow it up with: "We do this even when the influence we have over you may harm your best interests, for the purpose of improving ROI for advertisers" (Obviously this line is not conducive to the policy itself, but rather a blunt explanation of the effect of it which people are categorically unaware of)

The policies don't even explain that there is a difference between people seeing your data, and algorithms acting on your data. (Algorithms acting on your data are much more effective than when people do so. But that explanation in this case is lacking - it makes it seem like it's not all connected together, but in reality it is because of how databases work, and how disparate data sets can uniquely identify a person with enough data)