Data Privacy

Google recently updated its privacy policy. Here’s why the revisions could lead to problems.

On July 1, 2023, recent changes to Google’s privacy policy went into effect. Normally, companies’ privacy policy updates fly under the radar. But when Google updates its privacy policy, it’s a big deal.
Google recently updated its privacy policy. Here’s why the revisions could lead to problems.

On July 1, 2023, recent changes to Google’s privacy policy went into effect. These were the first changes to Google’s privacy policy since December 2022.

Normally, companies’ privacy policy updates fly under the radar. But when Google updates its privacy policy, it’s a big deal. In addition, a lot has happened in both the privacy landscape and the technology landscape during the time since Google last updated its privacy policy.

There are two notable changes in the most recent updates. The first is that Google has made significant revisions to the sections on state data privacy laws. That’s because many new state data privacy laws have been enacted or gone into effect over the past six months.

The second, and perhaps more eyebrow-raising change, is to the section on research and development. This was already an unusual and somewhat controversial section. In that section, Google discloses that it uses “publicly available” data to help it build new features. This seems to encompass all publicly accessible data anywhere on the Internet, not just data that users of Google services provide to Google.

In the recent changes, Google makes that provision even broader by changing “features” to “products and features.” The changes also add “AI models”, “Google Bard”, and “Cloud AI” as examples of products that Google uses publicly available data to build and train. Previously, only Google Translate was mentioned by name.

1_Ogx_To4lET5hITF6LzsGZw.webp

What Google is doing here is confirming and putting the world on notice that it will use any and all publicly accessible data from anywhere on the Internet to train its AI models.

The implications of these changes are as yet unclear. One issue to keep an eye on is how Google might interpret the vague term “publicly available.”

Google is one of the most powerful technology companies in the world, if not the most powerful. Data that Google might consider “publicly available” may not be publicly available to the average Internet user. In addition, Google might consider certain data to be publicly available even if the owner of that data didn’t intend to make it publicly available.

One specific example is the ‘Share’ feature in Google Drive, Google Docs, and Google Photos. This feature allows any Google user to create a publicly accessible link to a file stored in the user’s Google Account without actually publicizing the link. The feature enables Google users to share files with others who may not have Google Accounts by simply sending them the link.

Consequently, a file shared using this feature is technically accessible to the entire Internet, but if the link is not publicized, it might be difficult for others to find or access the file. Google calls this type of sharing, “Anyone with the link.” This is an instance in which a user may not consider a file to be “publicly available” if the user hasn’t publicized the link beyond specific individuals, but Google may consider it to be publicly available because the link is accessible by anyone on the Internet. The screen on which the user configures this setting is silent as to whether a file whose sharing is set to “Anyone with the link” is indexed by Google’s search engine.

1_maP-V-DA98NzSNcU1RGE9w.webp

If the data in these kinds of files will now be used to train Google’s AI models because Google considers the files to be “publicly available” even though the files’ owners do not, it could lead to disputes and other problems down the road.

It remains to be seen how this issue will unfold. Stay tuned.

Back to Blog

Who is Dev Legal?

Sabir Ibrahim

Managing Attorney

During his 18-year career as an attorney and technology entrepreneur, Sabir has advised clients ranging from pre-seed startups to Fortune 50 companies on a variety of issues within the intersection of law and technology. He is a former associate at the law firm of Greenberg Traurig, a former corporate counsel at Amazon, and a former senior counsel at Roku. He also founded and managed an IT managed services provider that served professional services firms in California, Oregon, and Texas.

Sabir is also co-founder of Chinstrap Community, a free resource center on commercial open source software (COSS) for entrepreneurs, investors, developers, attorneys, and others interested in open source software entrepreneurship.

Sabir received his BSE in Computer Science from the University of Michigan College of Engineering. He received his JD from the University of Michigan Law School, where he was an article editor of the Michigan Telecommunications & Technology Law Review.

Sabir is licensed to practice in California and before the United States Patent & Trademark Office (USPTO). He is formerly a Certified Information Privacy Professional (CIPP/US).

Sabir Ibrahim, Managing Attorney

What can Dev Legal do for you?

Areas Of Expertise

We aim to advise clients in a manner that minimizes noncompliance risks without compromising operational efficiency or business interests. The areas in which we assist clients, either alone or in collaboration with affiliates, include:

Technology License Agreements

Drafting, reviewing, and negotiating software licenses, SaaS agreements, and other technology contracts.

Open Source Software Matters

License compliance, contribution policies, and open source business strategy.

SaaS Agreements

Subscription agreements, terms of service, and service level agreements for cloud-based services.

Intellectual Property Counseling

Trademark, copyright, and patent strategy for technology companies.

Product Counseling

Legal review of product features, marketing materials, and compliance with regulations.

Terms of Service and Privacy Policies

Creating and updating legal documents for websites and applications.

Assessment of Contractual Requirements

Reviewing obligations and ensuring compliance with complex agreements.

Information Management Policies

Data governance, retention policies, and information security procedures.

Risk Mitigation Strategy

Identifying legal risks and developing strategies to minimize exposure.

Join Our Email Newsletter List And Receive Our Free Compliance Explainer

Our one-page Dev Legal Compliance Explainer is an easy-reference guide to understanding compliance concepts for you or your clients. Our email newsletter includes information about news and recent developments in the technology regulatory landscape and is sent approximately once a month.

Contact Us

Get In Touch

Phone

510.255.3766

Mail

PO Box 721
Union City, CA 94587