Online Privacy and Codes of ConductPeter FleischerGlobal Privacy Counsel my personal blog: http://www.peterfleischer.blogspot.com/

Topics

Search

Chrome

Maps

Social Networking

Health

Ads

The Cloud

What do we collect in search?

• URL, including query

• IP address

• Time and date of search

• Operating system

• Browser type

• Cookie ID

Anonymizing server logs: 9 months for IP addresses/ 18 for cookies

Balancing various factors: privacy, security, and improving our services

• to improve our search

• to defend our systems/ fight fraud/protect users

How long do we retain search logs?

123.45.67.XX - 25/Mar/2003 10:15:32 - http://www.google.com/search?q=cars - Firefox 1.0.7; Windows NT 5.1 - XXXXXXXXXXXXXXXX

Web History // Putting users in control of their data

When a user signs up for Web History (to deliver personalized search results), they are given full control of the information they share with Google, including the ability to pause, remove, and bookmark items, and delete their account at any time.

Google Chrome

Locally stored history

Incognito mode

Google Suggest

Maps

Street ViewWhat should be private in a public space?

Simple Notification Tools

Google Earth

11

Latitude: User-controlled location sharing

Using Google to Communicate, Show and Share

UsersUsers

Designing Privacy Controls In All Our Products

All Google products have sharing controls built in

Orkut: Detailed Privacy Controls

Google Health

At its foundation, Google Health is about putting people in control of their health information.

• Google Health puts users in complete control over who views their health information and who can add information to their profile.

• Google Health provide privacy protections equivalent to those required under HIPPA

Query-based Ad Selection – AdWords

Mutual Funds – ACME Corp Learn how mutual funds work andcompare different types of funds.www.acme.com/mutualfunds

Connect with consumers when they search

Mutual Funds – ACME Corp Learn how mutual funds work andcompare different types of funds.www.acme.com/mutualfunds

Advertising & the internet

17

18

Third-Party Ad Serving in a nutshell

User

1. Get: www.cnn.com

ISP

Cookie:doubleclick.comUID=619

PartnerAd

2. Send: HTML page

4. Send ad for UID=619

3. Get: doubleclick.com/ad

Cookiedoubleclick.comUID=619

19

NAI Code of Conduct

19

In addition to requiring notice

to consumers about the use

of 3rd party cookies, the

NAI mandates that member

advertising networks provide

an "opt-out“ mechanism for

the targeted ad programs

they provide. The NAI opt-out

tool is a simple Web-based

utility that allows you

to opt out of receiving

targeted ads from

member ad networks.

UK IAB Code of Conduct

• UK Industry Self-Regulatory Code for Interest based advertising, ensuring choice and transparency.

• Google one of the founding signatories other firms include Yahoo, AOL, MSFT

• Consumer portal: www.youronlinechoices.com (screenshots below)

• Code welcomed by the UK Data Protection Authority and the communications regulator OfCom.

• Model for pan-European code under discussion within IAB-Europe.

Consumer top-tipsConsumer FAQsConsumer portal landing page

Transparency & Notice

Feedback – Ads by GoogleFeedback – Ads by Googlewww.PBS.org/FRONTLINEwww.PBS.org/FRONTLINE

Transparency & Notice – landing page for in ad notice

Link to Ads Preference Manager

Meaningful Choice

PERSISTENT OPT-OUT

Adding interests – consumer empowerment & engagement

Beyond notice: Google Privacy Channel

Updating privacy laws

1980OECD onPrivacy

1995EU PrivacyDirective

2004APEC PrivacyFramework

1993First Web Browser

2008

countries withprivacy laws

countries withno privacy laws

The Cloud

Thank youDiscussion?