Thursday, July 23, 2009

The Google Books settlement and privacy

Last year, we signed a settlement agreement with authors and publishers that, if approved by the court, will unlock access to millions of books for anyone in the US. We reached another important milestone a few weeks ago, as University of Texas and University of Wisconsin-Madison announced new agreements with Google to broaden access to their collections under the settlement.

Recently, we've heard questions about our agreement and what it will mean for user privacy. Privacy is important to us, and we know it's important to our users, too. We have a strong privacy policy in place now for Google Books and for all Google products. But our settlement agreement hasn't yet been approved by the court, and the services authorized by the agreement haven't been built or even designed yet. That means it's very difficult (if not impossible) to draft a detailed privacy policy. While we know that our eventual product will build in privacy protections -- like always giving users clear information about privacy, and choices about what if any data they share when they use our services -- we don't yet know exactly how this all will work. We do know that whatever we ultimately build will protect readers' privacy rights, upholding the standards set long ago by booksellers and by the libraries whose collections are being opened to the public through this settlement.

We're thinking hard about how best to build privacy protections into the products authorized under the settlement. We've been having ongoing discussions with a wide range of privacy advocates, and we look forward to talking more with them and others throughout the industry about how to protect the privacy of people who search, browse, and buy books online.

Privacy organizations and Google have a lot to agree on: expanded, free online access to library books should be supported by continued privacy protections for readers. You can read our initial thoughts on how to do so in our FAQ. To read more about privacy at Google, visit our Privacy Center, and stay tuned for more details as we have them.

1 comment:

chris said...

I think most people have overlooked the arguments in the an analysis of IP addresses and URL I have made avaliable from the home page of

In summary, the data protection analysis (attached) that shows that URLs and IP addresses can become personal data, unambiguously.

It means that any individual user of the Internet can, at any time, seek the protection of a data protection regime by providing the necessary identifying details to any organisation that stores their IP address or URL.

Organisations that use such data will have to adjust their procedures to take account of the reality that any subsequent processing of URLs or IP addresses, can be, at any time the processing of personal data.

The process, in my view, puts the internet user in charge of his own privacy.

A full legal analysis is presented in the context of the UK’s Data Protection Act and includes advice for service providers, for data subjects, and discusses possible counter arguments. This analysis is valid for countries where the national data protection legislation is based on the Data Protection Directive 95/45/EC or on the OECD Guidelines; Google’s privacy policy suggests that the analysis applies to it.

Chris Pounder