« The other course pack case... | Main | Pat Tumulty on patron behavior codes and the court »

Comments

Michael Zimmer examined new gbs privacy policy and concludes

"Google Book Search Privacy Policy Mirrors Web Search, with One Hopeful, albeit Limited, Difference"

http://michaelzimmer.org/2009/09/08/google-book-search-privacy-policy-mirrors-web-search/

[GBS policy:] Some jurisdictions have special “books laws” saying that this information is not available unless the person asking for it meets a special, high standard – such as proving to a court that there is a compelling need for the information, and that this need outweighs the reader’s interest in reading anonymously under the United States First Amendment or other applicable laws.

I agree that we should alter our standards.

Our standards center on disclosure, which has been the primary concern to date. When does a vendor turn over information to third parties, the government etc.

Google's mass stockpile of data on us makes us realize that disclosure to others is not the only concern. We must be concerned about the use of our data internally by Google (or other megastockpiles).

With the massive amount of information Google already has about all of us (now a dding in some staff/student email) combined with this fresh source of our reading habits, annotations, etc., Google itself knows too much. It should limit its intake and retention to the minimum necessary to satisfy authentication or payment and then destruct.

Even if Google was content to let our digital dossiers lay undisturbed (and why would it - unless there are legal restraints), the disclosure concern returns. Now if the subpoena comes, it's not just one piece of your identity that's at issue. It's large slices of you.

Agree that one can look at previews without a google account. But if someone wants more, all bets are off.

The settlement does not grant "broad authority to collect readers' data." It is true that Google will insert a watermark when items are printed, but that only identifies a session. If anyone wished to identify that specific user, they would have to subpoena user data from the institution that authorized access (much as the RIAA must subpoena for information on file sharing that goes beyond what the law allows). Google won't know who that user is - only the institution. The big privacy issue here, then, is with institutions that require users to log into their network (rather than surf anonymously).

And you write "If users log in with a Google Account (which Google may require)..." According to Google Book's privacy FAQ, "Users of Google Books will not be required to have a Google account. Anyone can freely search Google Books and preview up to 20% of most books without logging into Google." If Google should start requiring users to log in, then institutions should drop their subscriptions until they stop.

I am a little worried about the implications of many schools shifting to Google mail for students and staff. If a student is logged into Google mail and then does a search, will her searches then be tracked and monitored? That is unclear right now since Google doesn't actually have a product it is selling.

Again, as far as I can tell Google's privacy policies are better than almost every other vendor we use. So instead of holding Google to a much higher standard then we demand of anyone else, let's work on altering our standards.

EPIC filed a 35 page memo in its motion to intervene on behalf of consumer privacy
http://epic.org/privacy/googlebooks/default.html

EPIC points out that the settlement grants broad authority to collect readers' data, and in fact when users of the institutional subscription database print out pages of a particular book, Google will insert a watermark that "displays encrypted session identifying information provided by the subscribing institution during such session, and which could be used to identify the authorized user that printed the material or the access point from which the material was printed."

Thus Google is clearly planning to track every print by every user.

If users log in with a Google Account (which Google may require), the integration with the rest of the users' information could be staggering.

EPIC argues that the settlement would permit an unprecedented merger of book purchaser and borrower information with other personal data, without restriction on Google's user of the data.

Library patron confidentiality laws would not apply, and the right to read anonymously would be put at risk at a greater extent than the online tracking already encroaching our privacy.


Mary, I don't disagree with you. The point I wanted to make is that almost the only limit that libraries have set on vendor use of patron data is that they don't share it with 3rd parties. There is also some general concern that vendors should "respect the privacy of patrons," but it is certainly not presented in the enforceable fashion that EFF is demanding of Google. Furthermore, I could imagine that the vendor might consider analyzing what you read as part of a behavioral advertising campaign as being entirely respectful of your privacy, since it leads to better search results when you do search.

EFF is demanding from Google lots, lots more than libraries have demanded from any of our other vendors. The question is whether EFF is right, and our existing contracts are too weak with regards to privacy protections.

One side note: I looked at some of the library literature to see what it had to say about standards for patron privacy when outsourcing library services. There is almost nothing that I could find. Here is a topic for the 2nd edition of your book.

Hi Peter - I disagree with you on this one. The issue is not just disclosure, but also the actual capture of usage of the data by Google. Libraries don't capitalize the value of their patron data. I don't know exactly what vendors do with the data (presuming they've agreed not to sell it), but it pales in comparison with what Google can do with the massive data it collects about each of us. Selling more targeted slices of us to advertisers comes to mind, but the possibilities are really unlimited. Combining our reading data with our other google data...
p.s. funny comment about Google responding to me ;>

The comments to this entry are closed.