The Electronic Privacy Information Center (EPIC), the Center for Digital Democracy (CDD) and the U.S. Public Interest Research Group (US PIRG) filed a complaint with the U.S. Federal Trade Commission (FTC) Friday that details what they consider key privacy problems with Google’s and DoubleClick’s pending merger.
The online privacy advocate groups want the FTC to either make changes with the upcoming US$3.1 billion deal or block it altogether.
“Neither Google nor DoubleClick have taken adequate steps to safeguard the personal data that is collected,” the complaint states. “Moreover, the proposed acquisition will create unique risks to privacy and will violate previously agreed standards for the conduct of online advertising.”
The complaint notes that Google has expressed plans to merge DoubleClick data with Google data to profile and target Internet users, but has only made vague statements about protecting user privacy.
Because Google is the world’s largest search engine and tracks user search queries and history via user IP addresses, it already holds huge amounts of Internet user data. DoubleClick, which tracks users via cookies associated with graphical ads it serves up, also owns a large amount of Internet user data.
“What we have is an unprecedented system of data gathering online that has emerged and has dramatically grown in terms of its ability to target people and collect all kinds of data,” Jeffrey Chester, executive director of the Center for Digital Democracy, told the E-Commerce Times. “This is a crucial watershed moment in terms of the digital system.”
No Legal Obligations
“Google’s proposed acquisition of DoubleClick will give one company access to more information about the Internet activities of consumers than any other company in the world,” the complaint states. “Moreover, Google will operate with virtually no legal obligation to ensure the privacy, security and accuracy of the personal data that it collects.”
The privacy groups ask the FTC to order Google to present a public plan to address how it can comply with established government and industry privacy standards like the OECD (Organization for Economic Cooperation and Development) Privacy Guidelines, as well as to provide reasonable access to all personally identifiable data maintained by the company to the person to whom the data pertains.
In addition, the groups want the FTC to order Google to establish a meaningful data destruction policy and require that Google destroy all cookies and other persistent identifiers resulting from Internet searches that could be personally identifiable once the user terminates the session with Google.
When Google first announced its intentions to acquire DoubleClick, Sergey Brin, Google’s cofounder and president of technology, noted the consumer vision of Google’s intent.
“It has been our vision to make Internet advertising better — less intrusive, more effective and more useful,” Brin explained. “Together with DoubleClick, Google will make the Internet more efficient for end users, advertisers and publishers.”
‘Protect People’s Privacy’
Chester acknowledges that he himself is a regular Google user.
“I couldn’t live my life without Google — I wrote a book and I used Google a lot — but we have to protect people’s privacy,” Chester explained. “Companies don’t need to know your name and address now to understand what content sites you go to, where your mouse is on a page, what videos online you watch and what you put in your shopping cart. It’s too much power in the hands of the few without any kind of real privacy policies in the U.S. to protect us.”
Those theoretical policies, Chester noted, should be about making sure the companies collect a minimum amount of data, letting the end users determine what information and data should be collected and not collected. “And that’s what the companies, even Google, don’t want to do,” he added.