Online Privacy and Codes of ConductPeter FleischerGlobal Privacy Counsel my personal blog: http://www.peterfleischer.blogspot.com/

Topics SearchChromeMapsSocial NetworkingHealthAds The Cloud

What do we collect in search?

URL, including query IP address Time and date of search Operating system Browser type Cookie ID

Anonymizing server logs: 9 months for IP addresses/ 18 for cookies

Balancing various factors: privacy, security, and improving our servicesto improve our searchto defend our systems/ fight fraud/protect usersHow long do we retain search logs?123.45.67.XX - 25/Mar/2003 10:15:32 - http://www.google.com/search?q=cars - Firefox 1.0.7; Windows NT 5.1 - XXXXXXXXXXXXXXXX

Web History // Putting users in control of their dataWhen a user signs up for Web History (to deliver personalized search results), they are given full control of the information they share with Google, including the ability to pause, remove, and bookmark items, and delete their account at any time.

Google Chrome Locally stored historyIncognito modeGoogle Suggest

Maps

Street ViewWhat should be private in a public space?

Simple Notification Tools

Google Earth

*Latitude: User-controlled location sharing

Using Google to Communicate, Show and ShareUsers

Designing Privacy Controls In All Our ProductsAll Google products have sharing controls built in

Orkut: Detailed Privacy Controls

Google Health At its foundation, Google Health is about putting people in control of their health information.

Google Health puts users in complete control over who views their health information and who can add information to their profile.Google Health provide privacy protections equivalent to those required under HIPPA

Query-based Ad Selection AdWordsMutual Funds ACME Corp Learn how mutual funds work andcompare different types of funds.www.acme.com/mutualfundsConnect with consumers when they searchMutual Funds ACME Corp Learn how mutual funds work andcompare different types of funds.www.acme.com/mutualfunds

Advertising & the internet*

*Third-Party Ad Serving in a nutshellUser1. Get: www.cnn.comISPCookie: doubleclick.com UID=6192. Send: HTML page4. Send ad for UID=6193. Get: doubleclick.com/adCookie doubleclick.com UID=619

*NAI Code of Conduct*In addition to requiring notice to consumers about the use of 3rd party cookies, the NAI mandates that member advertising networks provide an "opt-out mechanism for the targeted ad programs they provide. The NAI opt-out tool is a simple Web-based utility that allows you to opt out of receiving targeted ads from member ad networks.

UK IAB Code of ConductUK Industry Self-Regulatory Code for Interest based advertising, ensuring choice and transparency.Google one of the founding signatories other firms include Yahoo, AOL, MSFTConsumer portal: www.youronlinechoices.com (screenshots below)

Code welcomed by the UK Data Protection Authority and the communications regulator OfCom.Model for pan-European code under discussion within IAB-Europe.Consumer top-tipsConsumer FAQsConsumer portal landing page

Transparency & Notice Feedback Ads by Googlewww.PBS.org/FRONTLINE

Transparency & Notice landing page for in ad noticeLink to Ads Preference Manager

Meaningful Choice

PERSISTENT OPT-OUT

Adding interests consumer empowerment & engagement

Beyond notice: Google Privacy Channel

Updating privacy laws1980 OECD on Privacy1995EU Privacy Directive2004 APEC Privacy Framework1993First Web Browser2008countries with privacy lawscountries with no privacy laws

The Cloud

Thank youDiscussion?

***********

************