On July 1, 2023, recent changes to Google’s privacy policy went into effect. These were the first changes to Google’s privacy policy since December 2022.
Normally, companies’ privacy policy updates fly under the radar. But when Google updates its privacy policy, it’s a big deal. In addition, a lot has happened in both the privacy landscape and the technology landscape during the time since Google last updated its privacy policy.
There are two notable changes in the most recent updates. The first is that Google has made significant revisions to the sections on state data privacy laws. That’s because many new state data privacy laws have been enacted or gone into effect over the past six months.
The second, and perhaps more eyebrow-raising change, is to the section on research and development. This was already an unusual and somewhat controversial section. In that section, Google discloses that it uses “publicly available” data to help it build new features. This seems to encompass all publicly accessible data anywhere on the Internet, not just data that users of Google services provide to Google.
In the recent changes, Google makes that provision even broader by changing “features” to “products and features.” The changes also add “AI models”, “Google Bard”, and “Cloud AI” as examples of products that Google uses publicly available data to build and train. Previously, only Google Translate was mentioned by name.
What Google is doing here is confirming and putting the world on notice that it will use any and all publicly accessible data from anywhere on the Internet to train its AI models.
The implications of these changes are as yet unclear. One issue to keep an eye on is how Google might interpret the vague term “publicly available.”
Google is one of the most powerful technology companies in the world, if not the most powerful. Data that Google might consider “publicly available” may not be publicly available to the average Internet user. In addition, Google might consider certain data to be publicly available even if the owner of that data didn’t intend to make it publicly available.
One specific example is the ‘Share’ feature in Google Drive, Google Docs, and Google Photos. This feature allows any Google user to create a publicly accessible link to a file stored in the user’s Google Account without actually publicizing the link. The feature enables Google users to share files with others who may not have Google Accounts by simply sending them the link.
Consequently, a file shared using this feature is technically accessible to the entire Internet, but if the link is not publicized, it might be difficult for others to find or access the file. Google calls this type of sharing, “Anyone with the link.” This is an instance in which a user may not consider a file to be “publicly available” if the user hasn’t publicized the link beyond specific individuals, but Google may consider it to be publicly available because the link is accessible by anyone on the Internet. The screen on which the user configures this setting is silent as to whether a file whose sharing is set to “Anyone with the link” is indexed by Google’s search engine.
If the data in these kinds of files will now be used to train Google’s AI models because Google considers the files to be “publicly available” even though the files’ owners do not, it could lead to disputes and other problems down the road.
It remains to be seen how this issue will unfold. Stay tuned.
