However, the simplification may have gone too far. The new policy could let Google sell your identity along with your browsing habits. The basic problem is not what the policy says, but what it doesn’t say.
There are some things you can do to protect yourself, somewhat, like only providing required information and opting out of certain information sharing. Click here to learn how.
Central to the new policy are the categories of information Google collects about you and what they will and won’t do with each. Depending on how you interpret the definitions, this could put much of what you consider sensitive or personal information at risk.
Here are the categories of your information that Google collects, from least to most sensitive:
- Non-personally identifiable information: This is information “recorded about users so that it no longer reflects or references an individually identifiable user”. However, as detailed below, we are not convinced this is true.
For example, your IP address (your individual computer’s address on the internet), along with other information Google has, can identify you and in some cases show a picture of your house. Google can share this type of information with the public and its partners. Google also says it will aggregate such data, but not how.
- Personal Information: This not only includes information you provide to Google that identifies you personally (like your name, email address and billing information) but also other data that Google can reasonable link to it.
Be careful what information you provide (for example, putting your birthdate in Google+), because Google will share (probably sell) it with outside "companies, organizations or individuals" unless you opt out. But, opting out is not so easy to figure out. Click here to learn how.
- Sensitive personal information: This only includes your “confidential medical facts, racial or ethnic origins, political or religious beliefs or sexuality.”
You might expect it to also include sensitive information like your name, telephone number, address, birthday, social security number. But it apparently does not. The good news is that Google will not share this information unless you opt in.
Zip Code, Birthdate and Gender Can ID You
According to Peter Eckersley’s A Primer on Information Theory and Privacy, a person’s identity can probably be determined from three pieces of information: zip code, birthdate and gender.
A Carnegie Mellon University professor proved it works by combining an "anonymized" medical record with a voter registration database. She identified the anonymous patient as William Weld, the former governor of Massachusetts. Apparently, up to 87% of people in the U.S. can be identified this way. See What Information is "Personally Identifiable"?.
Even if Google treats that as “personal information”, Google could still sell it if you don’t opt out. (Learn how to opt out here). In that case, Google might not even have to aggregate the information with that of other users, meaning that Google might be able to sell it as an individual record.
Hiding Your Zip Code Won't Help
Google does not require you to provide your zip code as part of your gmail account. It's optional. Whew. Right? Guess again. Even if you don't provide your zip code, Google, or anyone to whom it sells your IP address, can probably get it.
Google does not state exactly what information it considers “non-personally identifiable”, but it apparently includes your IP address (your individual computer’s unique address on the internet). Not to worry. Google says your IP address can identify what country your computer is in. Well, that's a bit of an understatement.
Anyone armed with your IP address (courtesy of Google) can determine your computer’s location, likely down to your zip code, using widely available technology. Searching on "ip address locator" reveals many free and paid services that are happy to oblige. They automatically grab your IP address (or let you enter one) and tell you lots of information about it. For example, ip2location.com will tell you your city and zip code, based only on your IP address.
Google Can Combine Your Info
Under its new "privacy" policy, Google can combine the personal information you provide across its many services. Say that you put your gender on a Google social networking site for dating purposes and your birthdate on Google+ so others can wish you a happy birthday.
Even if you don't also provide your zip code, anyone (whose money Google is willing to take) might be able to determine who you are and where you go online. At least the probability of positive IDs would be high enough to make the information valuable on the open market to spammers, unscrupulous advertisers, nosy private detectives, government officials, etc.
Click here to learn how to protect yourself.