News

Google’s Privacy Moves: Who Benefits?

By Matthew Scott

If you’ve noticed changes to Google’s products over the last year and thought they were made for your benefit, think again.

Experts who’ve tracked changes Google has made to its products told Digital Privacy News that the adjustments “fit a pattern” that in some ways contributed to the U.S. Justice Department and 11 state attorneys general filing antitrust litigation against the online behemoth in October.

While the company generally presents the changes as privacy-related enhancements to benefit users, experts argued that the moves also allowed Google to strengthen its dominance in certain markets and to shield itself from anticipated regulatory compliance action. 

“Whenever Google rolls out a new feature or functionality, we have to first figure out how is this serving their business model,” said Elizabeth Renieris, a law and policy expert at Harvard University’s Berkman Klein Center for Internet and Society.

“There might be secondary benefits to the end-user, but that’s never their primary intention.

“It’s really important to remember that Google’s tools feel like they are for us, but they’re not for us,” she added. “They’re for advertisers and commercial entities.”

Google, based in Mountain View, Calif., did not respond to requests for comment from Digital Privacy News.

Monopolistic Behavior

The Justice Department’s lawsuit, filed Oct. 20, alleged that Google engaged in monopolistic behavior.

“Google has accounted for almost 90% of all queries in the United States and has used anticompetitive tactics to maintain and extend its monopolies in search and search advertising,” the agency said in announcing the litigation.

According to the lawsuit, Google entered into exclusivity agreements that barred the preinstallation of competing search services; forced preinstallation of Google search applications in prime positions on mobile devices and made them undeletable; entered into long-term agreements that made Google the exclusive search engine on Apple’s Safari browser; and bought preferential treatment for its search engine on devices, web browsers and other search-access points.

“Google’s tools feel like they are for us, but they’re not for us. They’re for advertisers and commercial entities.”

Elizabeth Renieris, Harvard University.

“These and other anticompetitive practices harm competition and consumers, reducing the ability of innovative new companies to develop, compete and discipline Google’s behavior,” the Justice Department said.

Google Responds

However, in a blog post that day responding to the lawsuit, Google Chief Legal Officer Kent Walker called the action “deeply flawed.”

“People use Google because they choose to, not because they’re forced to or can’t find alternatives,” he said.

Walker also claimed that the lawsuit would “artificially prop up lower-quality search alternatives, raise phone prices and make it harder for people to get search services they want to use.”

Although the Justice Department and Google could reach a settlement, news reports have indicated that company representatives were anticipating that the case would not go to trial for at least a year. 

The litigation centers on Google’s use of exclusive deals to prod other companies into installing Chrome as the default browser on their devices and its use of contracts that require companies using its android operating system to also use Chrome as the default — but some of Google’s recent changes work in a similar way, experts told Digital Privacy News.

Access to Huge Ecosystem

Google’s moves, they said, actually could help the company maintain its business model, requiring competitors to become a part of its vast ecosystem or be denied an opportunity to operate. 

Bennett Cyphers, staff technologist at the Electronic Frontier Foundation (EFF) in San Francisco, said Google’s business model fundamentally relied on exploiting user data.

“They depend on collecting information about people, using that to predict their behavior and then selling that ability to advertisers,” he told Digital Privacy News.

“They need to make sure that they design their products so that they can collect as much data as they think they need.”

Among the changes Google has made in the last year: updating privacy controls to manage data usage on Google Analytics, changing how the cache system on its Chrome browser works, revamping its API permissions system to stop malicious extensions from being downloaded from Chrome and automatically deleting trash from Google Drive after 30 days.

What’s Driving the Changes?

One change Google announced in January was to better protect users from third-party malicious extensions by moving away from third-party cookies by 2022.

But Harvard’s Renieris said this would move Chrome from an unrestricted third-party cookies system, where extensions could offer users extra features and functionality, to a first-party situation, where all extensions must be approved by Google — as they now must be compatible with Google’s application programming interface (API).

Users would receive protection from extensions that could be viewed as malware, but Renieris noted that this “security enhancement” actually consolidated more power with Google.

“Google is saying that, in the name of privacy, we’re going to bring everything into the Google ecosystem under Google’s control,” she told Digital Privacy News.

“People use Google because they choose to, not because they’re forced to or can’t find alternatives.”

Kent Walker, Google chief legal officer.

“They’re saying we’re going to protect you against these third-party and non-Google tools and entities, but now Google effectively has better visibility, more control and more power over your experience.

“So, then, it becomes a question of, ‘How much do you trust Google?’” Renieris continued. “From my perspective, there are definitely concerns around that.”

Malware or Not?

Once this change is phased in, not only will Google have complete access to all cookies that track Chrome users, but it also will be positioned to reject any competitors’ browser extensions for reasons other than their being potential malware.

Consumers, therefore, would have to trust that Google’s approval process won’t keep better technology from reaching the market, as the Justice Department’s lawsuit alleged.

In another move, Google said in October that it would discontinue its Trusted Contacts emergency location-sharing app, which allowed people to find family members — even if they don’t respond to messages.

But the decision also helps the company consolidate power, experts told Digital Privacy News.

Starting this month, Google will redirect users to Google Maps, which it claims can offer a similar feature with more protection of user privacy.

However, Renieris said that moving from allowing a small list of known and trusted friends and family to know your location secretly, to a situation where Google Maps broadcasted your location over its platform — where known and unknown persons could access it — was not a pro-privacy move.

It just feeds users back into the larger Google ecosystem, where more data can be recorded and sold to advertisers, she told Digital Privacy News.

Changes to Google Analytics

Another example of Google’s dual intentions involves recent changes to Google Analytics.

The new version of Google Analytics, also inaugurated in October, has updated privacy controls, stronger data-deletion tools — and the ability to provide customers with greater ease in passing along consent information collected from users.

But Renieris pointed out that, while Google said the new features and privacy updates offered “expanded insights and deeper integration with Google Ads, new cross-device measurement capabilities and enhanced google signals,” those features were intended more for Google’s advertiser clients rather than for its individual end-users.

“The customer here is the advertiser — and what this is allowing is better-enhanced tracking, insights and behavioral analysis (of anyone using the browser),” she told Digital Privacy News. “So, the individual end-user’s privacy and security is actually degraded and is quite secondary.”

‘Writing on the Wall’

Google’s claims of adding privacy protections within its products are also part of its attempts to respond to regulatory scrutiny and legal liability the company sees coming down the line, said EFF’s Cyphers.

He noted, for instance, that the changes to Google Analytics and the company’s move from using third-party cookies was in part because of the European Union’s General Data Protection Regulation (GDPR).

The regulation, enacted in 2018, can hand down tough fines against violators of its seven privacy and security protection and accountability standards.

In June, a top French administrative court upheld Google’s $57 million fine for GDPR violations in 2019 regarding its failure to provide users with transparent and understandable information on its data-use policies.

“It’s legally dubious to use third-party cookies in a lot of ways that Google is using them right now,” Cyphers told Digital Privacy News.

“Chrome is the last major browser supporting third-party cookies without any restrictions right now.

“Google just continues refining their products, so that this data doesn’t leak in ways they don’t want it to.”

Bennett Cyphers, Electronic Frontier Foundation.

“So, I think they are seeing the writing on the wall.”

In addition, Cyphers said Google’s new policy of deleting files placed in Google Drive’s trash within 30 days also appeared to be in response to pressure to comply with GDPR standards.

The regulation stipulates that companies “may only store personally identifying data for as long as necessary for the specified purpose.”

Deleting data limits GDPR liability, not to mention liability from data breaches, he said.

Good for Consumers?

Companies like Google, Facebook and Apple, which are in the business of tracking people and collecting data, will receive a higher level of scrutiny resulting from the Justice Department’s action, experts told Digital Privacy News.

They said that, since the agency claimed that consumers and competitors could be harmed by Google’s practices, other companies with similar behaviors also could be challenged in the future.

Renieris and Cyphers emphasized that the many commercial entities and advertisers used Google’s tools and ecosystem to exploit consumer data. 

Whether Google tracks location history through Google Maps, catalogs browser searches, notes YouTube videos watched or collects the list of websites visited and purchased from, users may not realize what data is being collected or why.

“Nothing about these changes tells me that Google is doing anything different with their business model,” EFF’s Cyphers told Digital Privacy News. “Google is building huge behavioral profiles on people in order to target ads.

“None of that is really changing.

“Google just continues refining their products, so that this data doesn’t leak in ways they don’t want it to.”

So, while preventing those data leaks also provides privacy and security protections for consumers, Renieris observed that it also might come with a cost.

“It’s great that you may get a little more privacy from these smaller third parties or people scraping your data online,” she told Digital Privacy News, “but if we’re going to put more trust and power in the hands of Google or Apple, then they need to have more responsibility.

“We need to hold them more accountable underneath more regulatory scrutiny.

“Are we just consolidating power in the hands of a handful of companies,” Renieris observed, “and are they using privacy as a convenient excuse to have more market power?”

Matthew Scott is a New York writer.

Sources (all links external):