Goobris: Google Expecting Less Privacy Regulation than its Competitors

Published May 15, 2016

Why does the company that by far collects the most private information that the FCC claims it wants to protect, and that also has the worst consumer privacy protection record with the FTC, (Google), get 99% exempted from the telecom and cable privacy protections expected of telephone, broadband, cable and satellite providers?  

Is it the same reason, that the edge platforms with much more gatekeeper power and private data collection opportunity than ISPs somehow warrant no FCC privacy regulation? (See info-graphic here; explanation here.)

How can the U.S. credibly demand a data safe harbor in the EU on the basis of promises that the U.S. has vigilant, robust and comprehensive privacy enforcement in the U.S., when the worst privacy offender in both Europe and the U.S., Google, de facto enjoys special lenient privacy treatment from both the current FTC and the current FCC?

Those are good questions for the Senate Judiciary Committee to ask FCC and FTC leadership this week at its privacy oversight hearing, which in part is examining why the FCC and FTC appear more interested in protecting Google and other Big Internet companies from privacy regulation, than in protecting consumers’ expected communications and viewing habits privacy.

What are the facts?

Google collects and stores vastly more private information than any other entity – see the evidence here. Google also has the worst privacy record of any major American company – see the evidence here. Google’s dominant mobile operating system, Android, also has the worst data protection record of any major American company – see evidence here. To understand why Google is a uniquely problematic privacy problem, see the detailed analysis and evidence here.

Google serves ~3x times more Americans than any ISP. Google currently boasts that YouTube has a larger primetime viewing audience than the top ten U.S. TV shows combined.

Google collects  vastly more private information than any ISP: IP addresses via Search, Analytics, Cookies, & Chrome; Email addresses via Gmail scanning & Postini filters; WiFi, SSID & MAC addresses via WiFi war-driving; Phone/mobile #s via Play, search, Android, Voice, Talk; Voiceprint recognition: via Hangouts, Translate, YouTube; Face-print recognition via Google+, Photos, YouTube; 103 Languages identified via Translate, Voice, Video; Home info: via Maps, Earth, StreetView, Android, Play; personal info via Account, apps, product, service registrations; Social Security, passport &license #s via Desktop Search; Credit card & bank info: Checkout, Shopping, & Wallet; Health identifiers by Search, Google+, Gmail, News, Books; and Click-print IDs via analysis of multiple web histories.  

Where is the special treatment of Google?

Concerning the FCC’s Title II Section 222 privacy rules that apply to telecommunications, a week before the FCC voted on the Open Internet order, Google submitted an ex parte recommendation to the FCC, that the FCC adopted, that said both the FCC and the Verizon v. FCC court were wrong in their understanding of telecommunications. This last minute legal interpretation whipsaw, meant Google politically exempted itself not only from Title II Section 222 privacy rules, but also exempted itself from CALEA responsibilities to cooperate with law enforcement investigations.

Concerning the privacy rules for the AllVid set-top box proceeding, Google’s commentsclaimed special treatment in so far as they urge the FCC to not apply cable and satellite viewing-habit privacy regulations to over the top video like Google. Effectively Google is rejecting the overwhelming bipartisan votes in 1992 and again in 2004 for ensuring that consumers’ video viewing habits were private not public information.

Google’s AllVid comments to the FCC also glistened and wafted in “Goobris,” (defined as hubris to the Google power), in telling the FCC that it did not need to try and regulate Google because “the robust privacy and data security protections that already apply at the federal and state levels will continue to protect consumers.”

Some context is essential to grasp the full extent of Goobris here.

Concerning State law enforcement, let’s not forget that for over a year during 2015 and 2016, Google secured a Federal Court injunction that effectively prevented any state law enforcement authority from even investigating an alleged Google violation of any state consumer protection law, including state privacy laws. For those shaking their head in disbelief how such a perverse outcome could or did happen, here is the documentation and explanation of this dark period in state law enforcement vis-á-vis Google.

Concerning FTC law enforcement vis-á-vis Google, let’s not forget that since the FTC abruptly and suspiciously dropped all FTC antitrust charges against Google in January 2013, including its Android investigation without a peep, the FTC has not enforced privacy law against Google.

That is remarkable because Google is the only company that sufficiently violated the FTC’s privacy policy to warrant a twenty-year, FTC-Google-Buzz privacy order, AND also seriously violated it within the first year, resulting in a settlement and the highest FTC privacy fine ever, $22m, for hacking into Apple’s iPhones to change consumers’ privacy and security settings to allow Google to track and advertise without consumers knowledge and consent.

Making matters worse, since then, the FTC has ignored repeated charges and evidence that Google has further violated its FTC-Google-Buzz privacy order.

A December 2015 EFF petition and complaint to the FTC charged that Google violated its promise to protect students’ privacy in publicly signing the Student Privacy Pledge. To date the FTC has done nothing.

It gets worse.

The FTC has known of Google Apps for Education serious privacy problems for almost two years with no action. 

In March 2014, Education Week reported that Google was exposed in a civil suit deposition to have secretly read all student-Gmail before it was received without any notice or “informed consent,” for the commercial purpose of creating a targeted advertising profile on the student for the future. In an April 2014 mea culpa blog post, Google effectively had to admit that for three years until April 29th 2014, Google secretly had been illegally collecting private student data for advertising purposes in violation of their public privacy representations and FERPA. The analysis here by world-leading privacy advocate Simon Davies explains why this three-years-late, Google privacy invasion disclosure affecting minors is especially serious, inadequate and misleading.

In short, Congressional overseers should question how the FTC and FCC can defend the least privacy regulation/enforcement of the worst consumer privacy violator?

And also ask why consumers’ privacy interests overall, have apparently been subordinated to Google’s corporate interests?

[Originally published at the Precursor Blog]

Scott Cleland served as Deputy U.S. Coordinator for International Communications & Information Policy in the George H. W. Bush Administration. He is President of Precursor LLC, an emergent enterprise risk consultancy for Fortune 500 companies, some of which are Google competitors, and Chairman of NetCompetition, a pro-competition e-forum supported by broadband interests. He is also author of “Search & Destroy: Why You Can’t Trust Google Inc.” Cleland has testified before both the Senate and House antitrust subcommittees on Google and also before the relevant House oversight subcommittee on Google’s privacy problems.