(posted by Peter Hirtle)
So Google, perhaps in response to Mary Minow's post, has issued a new privacy policy for Google Books. To no one's great surprise, EFF finds it a good start but insufficient.
I would point out that Google's statement is entirely compatible with current library standards for confidentiality in licensed resources. Specifically, it begins by stating that "We do not share your personal information with third parties, except in the narrow circumstances described in the Privacy Policy, such as emergencies or in response to valid legal process." The CLIR/DLF Model License has this to say about confidentiality:
Licensor and Licensee agree to maintain the confidentiality of any data relating to the usage of the Licensed Materials by Licensee and its Authorized Users. Such data may be used solely for purposes directly related to the Licensed Materials and may only be provided to third parties in aggregate form. Raw usage data, including but not limited to information relating to the identity of specific users and/or uses, shall not be provided to any third party.
Similarly, SERU, Shared E-Resource Understanding, has this to say on confidentiality of user data:
The subscribing institution and the publisher respect the privacy of the users of the content and will not disclose or distribute personal information about the user to any third party without the user’s consent unless required to do so by law. The publisher should develop and post its privacy policy on its website.
And the International Coalition of Library Consortia's statement on "Privacy Guidelines for Electronic Resources Vendors" gives two primary requirements: that publishers do not share information with 3rd parties and that they have a published privacy policy.
The bottom line: Google is more than compliant with current library standards for 3rd-party privacy protection. EFF argues that "Given the important free expression interests at stake and the long history of protecting reader privacy by libraries and bookstores, readers need a durable guarantee of protection enforceable by a court." No library has been demanding such a guarantee before now. One has to wonder if the current criticism of Google wouldn't be better directed at libraries and their privacy requirements when working with outside vendors.
Michael Zimmer examined the new GBS privacy policy and concludes:
"Google Book Search Privacy Policy Mirrors Web Search, with One Hopeful, albeit Limited, Difference"
http://michaelzimmer.org/2009/09/08/google-book-search-privacy-policy-mirrors-web-search/
[GBS policy:] Some jurisdictions have special “books laws” saying that this information is not available unless the person asking for it meets a special, high standard – such as proving to a court that there is a compelling need for the information, and that this need outweighs the reader’s interest in reading anonymously under the United States First Amendment or other applicable laws.
Posted by: Mary | September 08, 2009 at 06:26 PM
I agree that we should alter our standards.
Our standards center on disclosure, which has been the primary concern to date. When does a vendor turn over information to third parties, the government, etc.?
Google's mass stockpile of data on us makes us realize that disclosure to others is not the only concern. We must be concerned about the use of our data internally by Google (or other megastockpiles).
With the massive amount of information Google already has about all of us (now adding in some staff/student email) combined with this fresh source of our reading habits, annotations, etc., Google itself knows too much. It should limit its intake and retention to the minimum necessary to satisfy authentication or payment and then destruct.
Even if Google was content to let our digital dossiers lie undisturbed (and why would it - unless there are legal restraints), the disclosure concern returns. Now if the subpoena comes, it's not just one piece of your identity that's at issue. It's large slices of you.
Agree that one can look at previews without a Google account. But if someone wants more, all bets are off.
Posted by: Mary M | September 08, 2009 at 09:59 AM
The settlement does not grant "broad authority to collect readers' data." It is true that Google will insert a watermark when items are printed, but that only identifies a session. If anyone wished to identify that specific user, they would have to subpoena user data from the institution that authorized access (much as the RIAA must subpoena for information on file sharing that goes beyond what the law allows). Google won't know who that user is - only the institution. The big privacy issue here, then, is with institutions that require users to log into their network (rather than surf anonymously).
And you write "If users log in with a Google Account (which Google may require)..." According to Google Books' privacy FAQ, "Users of Google Books will not be required to have a Google account. Anyone can freely search Google Books and preview up to 20% of most books without logging into Google." If Google should start requiring users to log in, then institutions should drop their subscriptions until they stop.
I am a little worried about the implications of many schools shifting to Google mail for students and staff. If a student is logged into Google mail and then does a search, will her searches then be tracked and monitored? That is unclear right now since Google doesn't actually have a product it is selling.
Again, as far as I can tell Google's privacy policies are better than almost every other vendor we use. So instead of holding Google to a much higher standard than we demand of anyone else, let's work on altering our standards.
Posted by: Peter Hirtle | September 08, 2009 at 06:37 AM
EPIC filed a 35-page memo in its motion to intervene on behalf of consumer privacy:
http://epic.org/privacy/googlebooks/default.html
EPIC points out that the settlement grants broad authority to collect readers' data, and in fact when users of the institutional subscription database print out pages of a particular book, Google will insert a watermark that "displays encrypted session identifying information provided by the subscribing institution during such session, and which could be used to identify the authorized user that printed the material or the access point from which the material was printed."
Thus Google is clearly planning to track every print by every user.
If users log in with a Google Account (which Google may require), the integration with the rest of the users' information could be staggering.
EPIC argues that the settlement would permit an unprecedented merger of book purchaser and borrower information with other personal data, without restriction on Google's use of the data.
Library patron confidentiality laws would not apply, and the right to read anonymously would be put at risk to a greater extent than the online tracking already encroaching on our privacy.
Posted by: Mary M | September 07, 2009 at 06:03 PM
Mary, I don't disagree with you. The point I wanted to make is that almost the only limit that libraries have set on vendor use of patron data is that they don't share it with 3rd parties. There is also some general concern that vendors should "respect the privacy of patrons," but it is certainly not presented in the enforceable fashion that EFF is demanding of Google. Furthermore, I could imagine that the vendor might consider analyzing what you read as part of a behavioral advertising campaign as being entirely respectful of your privacy, since it leads to better search results when you do search.
EFF is demanding from Google lots, lots more than libraries have demanded from any of our other vendors. The question is whether EFF is right, and our existing contracts are too weak with regards to privacy protections.
One side note: I looked at some of the library literature to see what it had to say about standards for patron privacy when outsourcing library services. There is almost nothing that I could find. Here is a topic for the 2nd edition of your book.
Posted by: Peter Hirtle | September 07, 2009 at 01:45 PM
Hi Peter - I disagree with you on this one. The issue is not just disclosure, but also the actual capture of usage of the data by Google. Libraries don't capitalize the value of their patron data. I don't know exactly what vendors do with the data (presuming they've agreed not to sell it), but it pales in comparison with what Google can do with the massive data it collects about each of us. Selling more targeted slices of us to advertisers comes to mind, but the possibilities are really unlimited. Combining our reading data with our other Google data...
p.s. funny comment about Google responding to me ;>
Posted by: Mary M | September 07, 2009 at 12:12 PM