[conite]

What you've written above is simply NOT a factual statement.

The following is straight from the Google link YOU provided:

"When you use our services or view content provided by Google, we automatically collect and store certain information in server logs.

This includes: ...telephony log information like your phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and types of calls."

It's just one of many possible privacy intrusions that exists.‎

They further state:

" ...‎We provide personal information to our affiliates or other trusted businesses or persons..."

There are literally dozens of scenarios outlined where that information is provided to others, some with 'consent' and where by using the device at all, you have already 'consented'.‎

I stand by my prior language. Consumers deserve straightforward and clear information so they can make an informed decision. ‎

Your prior language is not comparable to "calls will be recorded for quality service and training purposes", but rather "calls will be recorded".

Here is the full text, so people can decide for themselves:

We do not share personal information with companies, organizations and individuals outside of Google unless one of the following circumstances applies:

With your consent

We will share personal information with companies, organizations or individuals outside of Google when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.

With domain administrators

If your Google Account is managed for you by a domain administrator (for example, for G Suite users) then your domain administrator and resellers who provide user support to your organization will have access to your Google Account information (including your email and other data).

For external processing

We provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.

For legal reasons

We will share personal information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

meet any applicable law, regulation, legal process or enforceable governmental request.

enforce applicable Terms of Service, including investigation of potential violations.

detect, prevent, or otherwise address fraud, security or technical issues.

protect against harm to the rights, property or safety of Google, our users or the public as required or permitted by law.

[JSmith422]

We are talking about a ToS that you, as a user, signs before using said device.

They can combine all they like, but no identifying info leaves their server or is provided to any third party.

They can sell anonymous/aggregate info until the cows come home, but nothing identifying.

I never said you can opt out of all collection - just some ("a good deal").

This is all in specific response to providing a "cover sheet" to the ToS.

What you have stated, by Google's own admission, is largely false.

However, I agree we ARE talking about simplifying the TOS so that anyone and everyone knows exactly what's happening with their information. I suggested a cover sheet on the TOS.

[JSmith422]

Your prior language is not comparable to "calls will be recorded for quality service and training purposes", but rather "calls will be recorded".

Here is the full text, so people can decide for themselves.

We do not share personal information with companies, organizations and individuals outside of Google unless one of the following circumstances applies:

With your consent

We will share personal information with companies, organizations or individuals outside of Google when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.

With domain administrators

If your Google Account is managed for you by a domain administrator (for example, for G Suite users) then your domain administrator and resellers who provide user support to your organization will have access to your Google Account information (including your email and other data). Your domain administrator may be able to:

view statistics regarding your account, like statistics regarding applications you install.

change your account password.

suspend or terminate your account access.

access or retain information stored as part of your account.

receive your account information in order to satisfy applicable law, regulation, legal process or enforceable governmental request.

restrict your ability to delete or edit information or privacy settings.

Please refer to your domain administrator’s privacy policy for more information.

For external processing

We provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.

For legal reasons

We will share personal information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

meet any applicable law, regulation, legal process or enforceable governmental request.

enforce applicable Terms of Service, including investigation of potential violations.

detect, prevent, or otherwise address fraud, security or technical issues.

protect against harm to the rights, property or safety of Google, our users or the public as required or permitted by law.

You've misquoted me.

[JSmith422]

Your prior language is not comparable to "calls will be recorded for quality service and training purposes", but rather "calls will be recorded".

Here is the full text, so people can decide for themselves.

We do not share personal information with companies, organizations and individuals outside of Google unless one of the following circumstances applies:

With your consent

We will share personal information with companies, organizations or individuals outside of Google when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.

With domain administrators

If your Google Account is managed for you by a domain administrator (for example, for G Suite users) then your domain administrator and resellers who provide user support to your organization will have access to your Google Account information (including your email and other data). Your domain administrator may be able to:

view statistics regarding your account, like statistics regarding applications you install.

change your account password.

suspend or terminate your account access.

access or retain information stored as part of your account.

receive your account information in order to satisfy applicable law, regulation, legal process or enforceable governmental request.

restrict your ability to delete or edit information or privacy settings.

Please refer to your domain administrator’s privacy policy for more information.

For external processing

We provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.

For legal reasons

We will share personal information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

meet any applicable law, regulation, legal process or enforceable governmental request.

enforce applicable Terms of Service, including investigation of potential violations.

detect, prevent, or otherwise address fraud, security or technical issues.

protect against harm to the rights, property or safety of Google, our users or the public as required or permitted by law.

Again, you've just illustrated my point....its obscurity.

Tl;Dr - Google collects everything they possibly can about you and gives it to whomever they want, whenever they want. If you use an Android device, you have already consented to this.

[conite]

Again, you've just illustrated my point....its obscurity.

Tl;Dr - Google collects everything they possibly can about you and gives it to whomever they want, whenever they want. If you use an Android device, you have already consented to this.

Absolutely untrue.

They provide unidentifying (aggregate/analytics) info to third parties, but identifying information to: opt-in consent 3rd parties, sub-contractors that abide by Google's ToS, your own domain admistrator, or law enforcement". That's it.

[JSmith422]

Absolutely untrue.

They provide unidentifying info to third parties, but identifying information to: opt-in consent 3rd parties, sub-contractors that abide by Google's ToS, your own domain admistrator, or law enforcement". That's it.

That is simply NOT what it says. You've made some giant leaps in your interpretations of their TOS.

Further, even if what you stated is true, - by using an Android device, an individual has already 'consented' and their information thus is fair game.

If people want to trust Google, that's their decision, but consumers have a right to know what is happening in the background when they use a device and specifically what information is being collected and how exactly it's used.

I reiterate my point that it should be simple enough that a 10 year old could understand....anything short of that is intentional obscurity.

[conite]

That is simply NOT what it says. You've made some giant leaps in your interpretations of their TOS.

Further, even if what you stated is true, - by using an Android device, an individual has already 'consented' and their information thus is fair game.

If people want to trust Google, that's their decision, but consumers have a right to know what is happening in the background when they use a device and specifically what information is being collected and how exactly it's used.

I reiterate my point that it should be simple enough that a 10 year old could understand....anything short of that is intentional obscurity.

You're being intentionally disingenuous.

I'm not making any leaps - I copied the entire text above. Read it yourself - I'm being perfectly accurate.

And no, signing the ToS does not constitute the separate opt-in consent required for sharing identifying info with a 3rd party (exclusion 1 of 4 from above).

[bb10adopter111]

Well that has never happened to me, and you would consider me reckless by comparison with my security and privacy behaviour.

Hard to evaluate a single anecdote and drill down to other possibilities including dumb luck.

I have cross-google stories all the time, but NEVER a personal, directed email from a 3rd party relying on specific information from Google.

Of course you are correct to be skeptical of my anecdote. But their have been multiple experiments showing "the ease with which apparently anonymous data, stripped of the normal PII information, can be "reidentified" so as to identify the individual with a 50%-90% certainly, which is quite good enough for marketing purposes.

It often only takes a few unique, anonymous Web searches within a geographic area the size of a county, combined with other information routinely collected by tracking cookies, to reidentify the searcher. Hardware/browser profiles are almost as unique as fingerprints, according to some researchers, and none of that information is considered PII or is stripped in the aggregation process.

A quick overview on browser tracking:
Https:// myshadow.org/browser-tracking

Posted with my trusty Z10

[conite]

Of course you are correct to be skeptical of my anecdote. But their have been multiple experiments showing "the ease with which apparently anonymous data, stripped of the normal PII information, can be "reidentified" so as to identify the individual with a 50%-90% certainly, which is quite good enough for marketing purposes.

It often only takes a few unique, anonymous Web searches within a geographic area the size of a county, combined with other information routinely collected by tracking cookies, to reidentify the searcher. Hardware/browser profiles are almost as unique as fingerprints, according to some researchers, and none of that information is considered PII or is stripped in the aggregation process.

Posted with my trusty Z10

We are talking specifically about Google here, and I see no evidence of this type of susceptibility.

There are a ton of other sources of this type of information that are far more flippant with data.

[bb10adopter111]

We are talking specifically about Google here, and I see no evidence of this type of susceptibility.

There are other sources of this type of information that are far more flippant with the data.

Yes. THEY are the ones doing the reidentifying, to be sure, but they use Google search data (which includes useful, non PII information) as a critical part of their mining operation.

Posted with my trusty Z10

[conite]

Yes. THEY are the ones doing the reidentifying, to be sure, but they use Google search data (which includes useful, non PII information) as a critical part of their mining operation.

Posted with my trusty Z10

Well, then I'm ok with that, because I trust them with securing my data.

I already assume they have it all anyway. In for a penny, in for a pound.

[bb10adopter111]

Well, then I'm ok with that, because I trust them with securing my data.

I already assume they have it all anyway. In for a penny, in for a pound.

OK. I am in general agreement with you that Google isn't nefarious or a particularly bad actor. But I also think that we need much more stringent consumer protections and disclosures for privacy. This won't be driven by the US in the current political environment, but we will soon see the first $1B fine in the EU, with Facebook as the likely poster child for violations of privacy regulations.

The idea that removing the specific PII fields protects privacy is a myth in the current big data environment. It just presents another hoop for data miners to jump through.

Posted with my trusty Z10

[JSmith422]

You're being intentionally disingenuous.

I'm not making any leaps - I copied the entire text above. Read it yourself - I'm being perfectly accurate.

And no, signing the ToS does not constitute the separate opt-in consent required for sharing identifying info with a 3rd party (exclusion 1 of 4 from above).

I am NOT being disingenuous to any degree, I've been perfectly accurate and frankly, I find that comment to be rather uncalled for.

But to clarify, you've confused two separate points.... your "leap" was that your interpretation of the TOS is simply too narrow. The language contained therein is so ambiguous that no reasonable person could ever ascertain from the context what is actually being done with the data. There are definitions missing, and other items are only loosely defined. This contract would never pass legal review within our organization or many many others for that matter and I personally believe it was intentionally written that way by Google. A Business Law 101 class would teach these things. It's not rocket science.

You've taken a fundamental stance on the language contained within the TOS without any significant basis for doing so. Without significant case law to demonstrate your narrow interpretation of the terms in the contract, and demonstrable evidence from Google indicating compliance it's absolutely a GIANT leap to say that Google is ONLY doing X, Y, or Z and that they are bound by the terms as you've described them here.

Personally, I've taken a more conservative read of the TOS and the specificity as you've described, just simply isn't there.

That's just my opinion, but I've made my living over the last (nearly) twenty years by spending most of my time with my head buried in contracts of one kind or another. Definitions matter. Commas matter. Evidence matters.

[JSmith422]

I would also bet that the majority of people don't even bother reading the terms of service for their phones or other services for that matter.

Exactly. Which is why it needs to be simple, straight forward, and easy enough for a 10 year old to understand.

[JSmith422]

We are talking about a ToS that you, as a user, signs before using said device.

They can combine all they like, but no identifying info leaves their server or is provided to any third party.

They can sell anonymous/aggregate info until the cows come home, but nothing identifying.

I never said you can opt out of all collection - just some ("a good deal").

This is all in specific response to providing a "cover sheet" to the ToS.

The non-identifying information is just fallacy...that information is absolutely traceable.

Do you consider an IP Address to be personally identifiable? Google doesn't. But we were able to use one just yesterday to trace a specific individual to another continent.

I've seen your posts on this forum, you're far too intelligent to believe that it's not personally identifiable information they're using.

[JSmith422]

Twenty years ago with the advent of search engines and their algorithms, people started finding my unlisted phone number and private email addresses because of primitive data aggregating mixed with tracking cookies.

I don't think it's possible to achieve the level of privacy you want by just using a dumb phone. If you're on the Internet, your data is being aggregated. It seems like they're more intrusive. Perhaps, they've always collected all this data and they're just better at mining it now.

I think both are true to some degree. However, that doesn't change the fact that consumers have a right ton know, specifically, what is being collected and how it's used.

[JSmith422]

The definition that Google and other companies use for PID is based on a list of fields that includes government identity numbers names, addresses, phone numbers, etc.

However, it excludes huge volumes of information such as hardware/browser profiles, search results and other "anonymous" information that "third parties" can readily combine with their own data from tracking cookies and other sources to identify individual users. Researchers have demonstrated that this is quite simple to accomplish.

This is why the data is so valuable and how companies monetize it. There are many digital marketing companies providing this service to retail companies.

As an example, I searched Google on my desktop computer the other day for a coffee maker for a housewarming gift, but I didn't follow any links. I just browsed the prices on the right in the search results. My computer clears all cookies when I close the browser, unless they are whitelisted.

Two days later I went to Best Buy to look for clearance audio gear. I normally leave location services off on my KEYone unless I need it for something specific, but I leave the GPS sensor on on my Z10.

After spending 30 minutes in the store, I decided to download a video and check Google Maps on my KEYONE, so I turned on Google location services and connected to the Free WiFi network in Best Buy. Within a minute I received an email from Best Buy promoting counter top appliances, including coffeemakers.

The act of turning on my phone and connecting location services and WiFi let Best Buy know who I was and what I'd searched for on Google two days before. I don't believe that Google violated its TOS, so the logical answer is that the aggregated information, combined with other information held by Best Buy and its digital marketing partners allowed them to resolve my anonymized information from Google to my PID.

Posted with my trusty Z10

This type of thing happens all the time. There's no such thing as anonymous.

[Chuck Finley69]

I think both are true to some degree. However, that doesn't change the fact that consumers have a right ton know, specifically, what is being collected and how it's used.

It's no different than when your dinner shows up at your table in the restaurant. Most people don't want to know what goes on in the kitchen. Blissful ignorance mixed with just the right amount of indifference and side of pleasantries.

[JSmith422]

We are talking specifically about Google here, and I see no evidence of this type of susceptibility.

There are a ton of other sources of this type of information that are far more flippant with data.

1.). Really? You see no evidence of this type of behavior with Google?

2.) Other companies being guilty of the same act does not excuse Google for their own actions.

[JSmith422]

It's no different than when your dinner shows up at your table in the restaurant. Most people don't want to know what goes on in the kitchen. Blissful ignorance mixed with just the right amount of indifference and side of pleasantries.

True, but you're able to ask what ingredients are in the dish, and where they are sourced. If the organization doesn't disclose that information then you have literally millions of other choices of supplier.

The difference with Google is that it's become nearly impossible to exist in the world without using their services....they've become a utility.....and I would argue that the price that comes with being an organization of that magnitude is the obligation to be straightforward with customers.

[conite]

The language contained therein is so ambiguous that no reasonable person could ever ascertain from the context what is actually being done with the data. There are definitions missing, and other items are only loosely defined.

What part from the 3rd party privacy exceptions above are you having trouble with, or find ambiguous?

[conite]

The non-identifying information is just fallacy...that information is absolutely traceable.

Do you consider an IP Address to be personally identifiable? Google doesn't. But we were able to use one just yesterday to trace a specific individual to another continent.

I've seen your posts on this forum, you're far too intelligent to believe that it's not personally identifiable information they're using.

Of course Google uses it. That's not the issue. It's what is passed on to 3rd parties that is being discussed.

I have little doubt that Google knows the size of my right nut. I just don't want the restaurant at the end of the street to know it too.

[conite]

1.). Really? You see no evidence of this type of behavior with Google?

2.) Other companies being guilty of the same act does not excuse Google for their own actions.

I have seen no evidence of Google violating its ToS with respect to 3rd parties, no.

[Emaderton3]

I think the pervasiveness of it is bothersome to many people. Don't most websites use Google Analytics anyway? So data is being collected on multiple fronts regardless if you are logged in or not using Google products, no?

[Emaderton3]

Of course Google uses it. That's not the issue. It's what is passed on to 3rd parties that is being discussed.

I have little doubt that Google knows the size of my right nut. I just don't want the restaurant at the end of the street to know it too.

I think you are safe. My Google search didn't come up with much.