Yesterday, ARL filed comments with the Federal Trade Commission (FTC) to suggest that it require strong protection for reader privacy in the Google Books service. You can comment, too, but comments are due by May 2. Go here for an easy way to comment.
As part of a wide-ranging draft consent order, the FTC plans to require that Google devise a comprehensive privacy program that will govern all of its products and services. Google will be subject to regular privacy audits for the next 20 years to ensure its compliance with the order. Privacy watchdog EPIC, which was a major force behind the inquiry, believes this is the most ambitious privacy settlement the FTC has ever entered into, and they have even created a form for others to submit comments to the FTC on a host of Google privacy issues.
The FTC order is the result of an investigation of the Google Buzz social networking service, which raised serious privacy concerns when Google automatically enrolled its Gmail email users without their consent and revealed their contacts to the public. The FTC found that Google engaged in deceptive privacy practices in the deployment of the Buzz service.
In its comments to the FTC, ARL points out the privacy concerns libraries and other organizations had raised about the proposed Google Books settlement. While the proposed settlement has been rejected by the court, many of the privacy concerns raised in that context are still relevant to the existing Google Books service. The FTC’s order provides an opportunity to ensure that Google addresses those concerns. Read the full (but concise!) comments here.
And reproducing the comments here (with some loss in formating):
TO: Federal Trade Commission
RE: Proposed Consent Agreement In the Matter Google, Inc. (Google Buzz), File No. 1023136
We appreciate this opportunity to comment on the proposed consent agreement, specifically, regarding privacy issues raised by the Google Books product, which involves both searching and selling books. We believe it is very important for readers’ rights that Google take adequate steps to protect the privacy of Google Books users. The Commission’s proposed consent order offers a unique opportunity to protect reader privacy and free inquiry.
The Association of Research Libraries (ARL) is a nonprofit organization of 126 research libraries in North America. Its mission is to influence the changing environment of scholarly communication and the public policies that affect research libraries and the diverse communities they serve.
Like many stakeholders, ARL expressed concern about reader privacy and intellectual freedom in connection with the proposed settlement of litigation concerning the Google Books project.1 Although Judge Chin rejected the proposed settlement on other grounds, he acknowledged the privacy concerns in his opinion.2 The novel business arrangements contemplated by the settlement are less likely to come about, but Google Books as it currently exists already poses significant challenges for reader privacy.3 Google is still selling e-books and offering a book search service, and these services give Google the opportunity to collect huge amounts of data about what users read and research, the books they own, and even the books (and pages of books) they browse. Because Google’s business model involves using data collected from its free services to sell targeted advertising online, Google has ample motive to collect highly granular information about its users’ reading habits. This behavior should be constrained by reasonable privacy protections.
The United States has a long tradition of protection for reader privacy. Indeed, 48 states and the District of Columbia have laws to ensure that information about what we read in libraries is protected from unreasonable intrusion, and the remaining two states have analogous executive branch policies. This tradition has strong roots in the First Amendment right of expression as well as the Fourth Amendment right of privacy. Academic freedom requires the freedom to search, browse, and read on any subject without fear of undue intrusion by government or private industry. That tradition of robust protection for reader privacy should continue for online reading.4
Accordingly, the comprehensive privacy program required by Part III of the proposed consent order should reflect this deep tradition by putting in place appropriate protections for the information Google might gather about its Google Books users. In our submissions to Judge Chin, ARL and our allies supported the many helpful privacy recommendations put forward by the Center for Democracy and Technology,5 including:
• Limiting collection of usage data
• Limiting use of users’ book annotation data
• Providing users with access to their account data
• Allowing users to delete purchase histories and annotations
• Seeking a probable cause standard for disclosure of user data to the government, and a compelling-interest standard for civil litigant access touser data
• Notifying users when complying with any government or third party
request for user information, unless required by law not to do so
• Releasing aggregate information about requests for user data
• Retaining identifying data no longer than necessary, and
• Securing user data.
The Electronic Frontier Foundation (representing a group of privacy authors and publishers)6 and the Electronic Privacy Information Center7 also raised privacy concerns about the proposed settlement that the Commission should consider as it evaluates the comprehensive privacy program in relation to Google Books.
This consent order presents a unique opportunity to shape best practices in reader privacy for a major online service provider. The marketplaces for e-books and for book search are both in formative stages, and the standards adopted by Google can be highly influential for other market participants. We urge the Commission to confirm that reader privacy deserves the same respect in the online world that it has long demanded in the physical world by insisting on strong protections for reader privacy in the comprehensive privacy program.
1 See, e.g., Supplemental Library Association Comments On the Proposed Settlement at 7, Authors Guild v. Google, No. 05-8136 (S.D.N.Y. Sept. 2, 2009), available at http://www.arl.org/bm~doc/library-associations-supp-filing-sept-2-09.pdf; Letter from Privacy Authors and Publishers, et al., to Daralyn J. Durie, Esq., and Joseph C. Gratz, Esq. (Oct. 6, 2009), available at http://www.arl.org/bm~doc/gbs_groupprivacy.pdf.
2 Authors Guild v. Google, No. 05-8136 (S.D.N.Y. Mar. 22, 2011) (order rejecting proposed settlement) at 13, 39. 3 See, e.g., Andrew McDiarmid, Reader Privacy Issues Remain Following Google Books Settlement Rejection, CENTER FOR DEMOCRACY AND TECHNOLOGY BLOG, April 13, 2011, http://cdt.org/blogs/andrew-mcdiarmid/reader-privacy-issues-remain-following-google-
4 See Cindy Cohn and Kathryn Hashimoto, The Case for Book Privacy Parity: Google Books and the Shift from Offline to Online Reading, HARV. L. & POL’Y REV. (May 16, 2010), http://hlpronline.com/2010/05/the-case-for-book-privacy-parity-google-books- and-the-shift-from-offline-to-online-reading/.
5 Center for Democracy and Technology, Privacy Recommendations for the Google Book Settlement, July 27, 2009, http://cdt.org/copyright/20090727_GoogleRecs.pdf.
6 Privacy Authors and Publishers’ Objection to Proposed Settlement at 21-24, Authors Guild v. Google, No. 05-8136 (S.D.N.Y. Sept. 8, 2009), available at http://thepublicindex.org/docs/letters/privacy_authors.pdf.
7 Brief for Electronic Privacy Information Center as Amicus Curiae, Authors Guild v. Google, No. 05-8136 (S.D.N.Y. Sept. 4, 2009), available at http://thepublicindex.org/docs/letters/epic.pdf.