Others, however, are up in arms after the internet giant announced it had combined what used to be dozens of privacy policies for its various subsidiary sites, replacing them with a single new policy it says will help punters understand what it does with their data (complexity and sensitivity have forced separate policies for Google Wallet, Chrome and Books).
Concerns over the magnitude of the move were so broad that European Union officials asked Google to push back its March 1 deadline for introduction of the new policy so French data privacy regulator CNIL could complete a formal investigation, on behalf of the EU, into its potential effect on users' rights. The European Union's longstanding Data Protection Directive outlines strict controls on the collection, exchange and use of personal information.
A single experience
The new policy reflects changes Google has been making to its services so they can all be tied back to a user's single Google Account, rather than having different user names on different services. Google says the policy reflects "our desire to create one beautifully simple and intuitive experience across Google" – a broad corporate objective to which CEO Larry Page is so committed that he recently told employees that if they didn't agree with it, they should "probably work somewhere else".
Unification makes it easier for Google to move data between services, but it also opens the door to what could become some uncomfortable prying. For example, if you've been looking up tropical islands on Google Maps, you might find yourself served advertisements from travel agents or directed to discounted flights through the Flight Search service Google launched with ITA Software last September. If you often refer to Mozilla's Firefox browser in emails, Google might prioritise ads for its own Chrome alternative.
The options are unlimited but the core issue is that, by tying information about users back to one account, Google could run roughshod over its users' privacy. It's not a dissimilar concern to that which dogged Facebook for years and last November saw that company agree to significant changes to address the concerns of EU authorities and the US Federal Trade Commission.
Australian authorities haven't been concerned: Australian Privacy Commissioner Timothy Pilgrim has been investigating the policy in conversations with Google, and has indicated his broad support for policy consolidation as "A step in the right direction as it will make it easier for users to understand what Google will do with their personal information."
However, he added, "Thought needs to be given to how easy it is for people to control what is happening to their information." Google already offers users such controls through its Google Dashboard (see sidebar).
The fine print
The new policy also lets Google combine information between services – one practice that has worried many privacy advocates because many users previously valued anonymity in some services. Google won't combine DoubleClick cookie information with personally identifiable information without user opt-in, and will get user consent before using data in other ways.
Also spelled out in the new policy are details of Google's information-security precautions and an explicit list of cases where Google will share information with external parties (with user consent, with domain administrators, where data is sent to affiliates for external processing or for legal reasons).
Whether or not the new guidelines are passed without comment or become the subject of a furious online battle remain to be seen. However, in the main Google argues that they are clearer and simpler than the previous policy – and will provide a foundation on which the company can both unify and tailor its services in the future.