Tag Archives: Public Policy

Our preparations for Europe’s new data protection law

Last year, we outlined Google’s commitment to comply with Europe’s new General Data Protection Regulation (GDPR), across all of the services we provide in the European Union. We’ve been working on our compliance efforts for over eighteen months, and ahead of the new law coming into effect, here’s an update on some of the key steps we've taken.


Improved user transparency

We’re updating our current Privacy Policy to make it easier to understand what information we collect, and why we collect it. We’ve improved the navigation and organization of the policy to make it easier to find what you’re looking for; explained our practices in more detail and with clearer language; and added more detail about the options you have to manage, export, and delete data from our services. The policy now also includes explanatory videos and illustrations, because a visual description can be easier to understand than text alone. And we've made it easier to jump to your privacy settings directly from the policy, helping you make choices about your privacy.

Although we’re taking these steps to make our Privacy Policy easier to understand, it’s important to note that nothing is changing about your current settings or how your information is processed. You’ll continue to have granular control over the data you share with us when you use our services, but with clearer explanations. The updated policy is already available to read and we’ll be emailing all of our users about it individually.


Improved user controls

Every day, nearly 20 million people around the globe visit My Account, our central hub that brings together all the different ways you can review your Google security, privacy and ad settings. As part of our GDPR compliance efforts, we’ve improved both the controls and the clarity of information in My Account so that people are better informed about how and why their data is collected. Within My Account, you can: 


  • Use Activity Controls to choose what activity is saved to your Google Account. We provide simple on/off switches to control Location History, Web and App Activity, YouTube Search History and more, across all devices that are signed in to your account.
  • View or delete data—including search history, location history, browsing history—from our services using My Activity. To make it easier to browse your past online activity, we have given you tools to search by topic, date, and product. You can permanently delete specific activities, entire days or weeks of activity that you don’t want associated with your account.
  • Take a Security Checkup or Privacy Checkup to reassure yourself that your account is secure, and that your privacy settings work for you. We’ve recently added an option that allows you to subscribe to more frequent prompts to take the Privacy Checkup.
  • Manage or mute the ads you see on Google, on websites and in apps using the recently upgraded Ads Settings tool and Mute This Ad control. We have provided more information about how and why certain ads are personalized, and will also be further simplifying the look and feel of these tools in the coming months.
  • Get a clear overview of all the Google products that you use—and the data associated with them—via Google Dashboard. We’ve recently made the Dashboard more mobile-friendly so it's now easy to use across different devices.

Improved data portability

Since its launch in 2011, people around the world have used our Download Your Data tool to export data from products like Google Photos, Drive, Calendar, Google Play Music and Gmail, either to their own computer, or to storage services like OneDrive, Dropbox and Box. We are further improving and expanding this feature, adding more Google services, including more contextual data controls, and creating a new setting that helps people schedule regular downloads.
Download your Data

While we’ve enabled people to download data from our services for many years, the GDPR encourages companies to enable direct service-to-service data transfers where feasible, for example from Google Photos to another photo service. To support that aim, we've recently initiated the Data Transfer Project on GitHub, providing early-stage open source code that will, in time, be of use to any developer wanting to offer seamless transfer of data from one service directly into an alternative (or vice versa).


Parental consent and improved tools for children online

Under the new rules, companies must get consent from parents to process their children’s data in certain circumstances. To obtain that consent and to make sure that parents and children have the tools to manage their online experiences, we’re rolling out Family Link—already available in various countries around the world—throughout the EU.


Through Family Link, parents can create a Google Account for their child and are required to provide consent for certain processing of their child’s data. Family Link also allows parents to set certain digital ground rules on their child’s Android device—like approving or blocking apps, keeping an eye on screen time, or remotely locking their child’s device. We plan to evolve Family Link’s functionality over time, working closely with parents and advocacy groups.


Helping our business customers and partners

The GDPR places new obligations on Google, but also on any business providing services to people in the EU. That includes our partners around the globe: advertisers, publishers, developers and cloud customers. We’ve been working with them to prepare for May 25, consulting with regulators, civil society groups, academics, industry groups and others.


For our advertising partners, we’ve clarified how our advertising policies will change when the GDPR takes effect. We already ask publishers to get consent from their users for the use of our ad tech on their sites and apps under existing legislation, but we’ve now updated that requirement in line with GDPR guidance. We’re also working closely with our publisher partners to provide a range of tools to help them gather user consent, and have built a solution for publishers that want to show non-personalized ads, using only contextual information.


For our Google Cloud customers, we’ve updated our data processing terms for G Suite and Google Cloud Platform and provided detailed information to customers about our approach to data portability, data incident notifications, secure infrastructure and third party audits and certifications, among other features. For more information, see this post on Google Cloud.


Strengthening our privacy compliance program

Over the last decade, Google has built a strong global privacy compliance program, taking advice from regulators around the world. Across the company, we have dedicated teams of engineers and compliance experts who work in full-time privacy roles, ensuring that no Google product launches without a comprehensive privacy review. We’ve now further improved our privacy program, enhancing our product launch review processes, and more comprehensively documenting our processing of data, in line with the accountability requirements of the GDPR.


This is a snapshot of things we’ve done to date to be ready for May 25, 2018. But our commitment to compliance with the GDPR, and the rights it gives people, will continue long beyond this date. As we evolve our products over time, we’ll continue to improve our Privacy Program and the protections we offer to users. Our ambition is to have the highest possible standards of data security and privacy, and to put our users and partners in control.

Supporting election integrity through greater advertising transparency

Last year, Google committed to make political advertising more transparent. This week, we’re rolling out new policies for U.S. election ads across our platforms as we work to meet those commitments.

As a first step, we’ll now require additional verification for anyone who wants to purchase an election ad on Google in the U.S. and require that advertisers confirm they are a U.S. citizen or lawful permanent residents, as required by law. That means advertisers will have to provide a government-issued ID and other key information. To help people better understand who is paying for an election ad, we’re also requiring that ads incorporate a clear disclosure of who is paying for it.  

There's more to come. This summer, we’ll also release a new Transparency Report specifically focused on election ads. This Report will describe who ​is ​buying ​election-related ​ads ​on ​our ​platforms ​and ​how ​much ​money ​is being spent. We’re also building a searchable library for election ads, where anyone can find which election ads purchased on Google and who paid for them.

As we learn from these changes and our continued engagement with leaders and experts in the field, we’ll work to improve transparency of political issue ads and expand our coverage to a wider range of elections.

Our work on elections goes far beyond improving policies for advertising. We’re investing heavily in keeping our own platforms secure and working with campaigns, elections officials, journalists, and others to help ensure the security of the online platforms that they depend on. In addition to the industry-leading protections in our consumer products, we’ve developed a range of Protect Your Election tools with Alphabet’s Jigsaw that are specifically tailored for people who are at particularly high risk of online attacks.

Yesterday, we announced improvements to one such product. Google’s Advanced Protection Program, our strongest level of account security for those who face increased risk of sophisticated phishing attacks sent to their email address, now supports Apple’s native applications on iOS devices, including Apple Mail, Calendar and Contacts. We expect this will help more campaigns and officials who are often the targets of sophisticated phishing attacks.

We are also working across the industry and beyond to strengthen protections around elections. We’ve partnered with the National Cyber Security Alliance and Digital Democracy Project at the Belfer Center at Harvard Kennedy School to fund security training programs for elected officials, campaigns, and staff members. We are also supporting the Harvard Kennedy School's Shorenstein's Center, “Disinfo Lab,” which will employ journalists to leverage computational tools to monitor misinformation in the run-up to and during elections.

For over a decade we’ve built products that provide information about elections around the world, to help voters make decisions on the leadership of their communities, their cities, their states and their countries. We are continuing that work through our efforts to increase election advertising transparency, to improve online security for campaigns and candidates, and to help combat misinformation.  Stay tuned for more announcements in the coming months.

Help fight the opioid epidemic this National Prescription Drug Take Back Day

We're deeply concerned by the opioid crisis that has impacted families in every corner of the United States. We started by thinking about how to bring Google’s technical expertise to help families combat the epidemic.

Research by the federal government has shown that prescription drug abuse is a large driver of opioid addiction, and that the majority of abused prescription drugs are obtained from family or friends, often from a home medicine cabinet. The U.S. Drug Enforcement Administration (DEA) has found that one way that Americans can help prevent drug abuse and addiction is to properly dispose of unneeded or expired prescription drugs. Yet many people aren’t aware of, or can’t easily find, prescription drug disposal programs in their communities.

Using Google Maps API, our team worked with the DEA to create a locator tool for the National Prescription Drug Take Back Day this Saturday, April 28. The locator tool can help anyone find a place near them to safely dispose of leftover prescription medications. Click on the image below to access the locator, and enter an address or zip code to find nearby Take Back Day events this Saturday and help fight the opioid epidemic.

rxlocator_map.gif

Longer term, we’re working with the DEA and state governments like Iowa, Arizona, Massachusetts, and Michigan to gather data on year-round take back options for future Google Maps integration.

In addition to making it easier to find take back locations, we’re also proud to support non-profit organizations on the frontlines of this crisis. We’ve worked with the Partnership for Drug-Free Kids since 2015 to help parents searching online for support connect to the Partnership’s  Parent Helpline. This service provides free counseling and advice to parents who need help addressing the many challenges of a child’s substance use. Today, we’re announcing $750,000 in matching gifts and other grants from Google.org to help expand the Parent Helpline and get even more families the support and help they need.

searchbox_teendrug.jpg

We’re also committed to ensuring that the public understands the danger of opioid abuse and the resources available for those who need help, by making useful information about opioid addiction and prescription drugs available in Google Search.

search_healthbox.jpg

There are no easy answers to a challenge as large as the opioid crisis, but we’re committed to doing our part to ensure that people in every corner of the country have access to the resources they need to address this urgent public health emergency.

Source: Google LatLong


2018 Google North America Public Policy Fellowship now accepting applications

Applications are now open for the 2018 North America Google Policy Fellowship, a paid fellowship that will connect students interested in emerging technology policy issues with leading nonprofits, think tanks and advocacy groups in Washington, DC, and California. This year’s fellows will be given the opportunity to work at a diverse group of organizations at the forefront of addressing some of today’s most challenging tech policy questions. Whether working on issues at the intersection of accessibility and technology or researching the future of work at a preeminent think tank, students will gain valuable hands on experience tackling critical tech policy issues throughout the summer.


The application period opens today for the North America region and all applications must be received by 12:00AM midnight ET, Tuesday, March 20. This year's program will run from June 5–August 11, with regular programming throughout the summer. More specific information, including a list of this year’s hosts, can be found on our site.


More fellowship opportunities in Asia, Africa, and Europe will be coming soon. You can learn about the program, application process and host organizations on the Google Public Policy Fellowship website.

Updating our “right to be forgotten” Transparency Report

In May 2014, in a landmark ruling, the European Court of Justice established the “right to be forgotten,” or more accurately, the “right to delist,” allowing Europeans to ask search engines to delist information about themselves from search results. In deciding what to delist, search engines like Google must consider if the information in question is “inaccurate, inadequate, irrelevant or excessive”—and whether there is a public interest in the information remaining available in search results.


Understanding how we make these types of decisions—and how people are using new rights like those granted by the European Court—is important. Since 2014, we’ve provided information about “right to be forgotten” delisting requests in our Transparency Report, including the number of URLs submitted to us, the number of URLs delisted and not delisted, and anonymized examples of some of the requests we have received.

New data in the Transparency Report


Today, we’re expanding the scope of our transparency reporting about the “right to be forgotten” and adding new data going back to January 2016 when our reviewers started manually annotating each URL submitted to us with additional information, including:


  • Requesters:We show a breakdown of the requests made by private individuals vs. non-private individuals—e.g., government officials or corporate entities.

  • Content of the request:We classify the content that the individual has asked us to delist into a set of categories: personal information, professional information, crime, and name not found, meaning that we were not able to find the individual’s name on the page.

  • Content of the site: When we evaluate a URL for potential delisting, we classify the website that hosts the page as a directory site, news site, social media, or other.

  • Content delisting rate:This is the rate at which we delist content by category on a quarterly basis.


Looking back: analyzing three years of delisting requests


In addition to updating the Transparency Report, we’re also providing a snapshot of our efforts to process these requests over the last three years.

rtbf_infographic.png

We’re also releasing the draft of a new research paper called Three Years of the Right to be Forgotten, which has been submitted to the Privacy Enhancing Technologies Symposium for peer review. This paper uses our manual reviewers’ annotations to provide a comprehensive analysis of the ways Europeans are using the “right to be forgotten.”


We hope the new data we’ve added to the Transparency Report and our research paper will help inform the ongoing discussion about the interplay between the right to privacy and the right to access lawful information online.

Extending domain opt-out and AdWords API tools

In 2012, Google made voluntary commitments to the Federal Trade Commission (FTC) that are set to expire on December 27th, 2017. At that time, we agreed to remove certain clauses from our AdWords API Terms and Conditions. We also agreed to provide a mechanism for websites to opt out of the display of their crawled content on certain Google web pages linked to google.com in the United States on a domain-by-domain basis.  

We believe that these policies provide continued flexibility for developers and websites, and we will be continuing our current practices regarding the AdWords API Terms and Conditions and the domain-by-domain opt-out following the expiration of the voluntary commitments. Additional information can be found here:

Extending domain opt-out and AdWords API tools

In 2012, Google made voluntary commitments to the Federal Trade Commission (FTC) that are set to expire on December 27th, 2017. At that time, we agreed to remove certain clauses from our AdWords API Terms and Conditions. We also agreed to provide a mechanism for websites to opt out of the display of their crawled content on certain Google web pages linked to google.com in the United States on a domain-by-domain basis.  

We believe that these policies provide continued flexibility for developers and websites, and we will be continuing our current practices regarding the AdWords API Terms and Conditions and the domain-by-domain opt-out following the expiration of the voluntary commitments. Additional information can be found here:

New government removals and National Security Letter data

Since 2010, we’ve shared regular updates in our Transparency Report about the effects of government and corporate policies on users’ data and content. Our goal has always been to make this information as accessible as possible, and to continue expanding this report with new and relevant data.

Today, we’re announcing three updates to our Transparency Report. We’re expanding the National Security Letters (NSL) section, releasing new data on requests from governments to remove content from services like YouTube and Blogger, and making it easier for people to share select data and charts from the Transparency Report.

National Security Letters

Following the 2015 USA Freedom Act, the FBI started lifting indefinite gag restrictions—prohibitions against publicly sharing details—on particular NSLs. Last year, we began publishing NSLs we have received where, either through litigation or legislation, we have been freed of these nondisclosure obligations. We have added a new subsection to the NSL page of the Transparency Report where we publish these letters. We also added letters to the collection, and look to update this section regularly.

Government requests for content removals

As usage of our services increases, we remain committed to keeping internet users safe, working with law enforcement to remove illegal content, and complying with local laws. During this latest reporting period, we’ve continued to expand our work with local law enforcement. From January to June 2017, we received 19,176 requests from governments around the world to remove 76,714 pieces of content. This was a 20 percent percent increase in removal requests over the second half of 2016.

Making our Transparency Report easier to use

Finally, we’ve implemented a new “deep linking” feature that makes it easier to bookmark and share specific charts in the Transparency Report. Sorting data by country, time period, and other categories now generates a distinct web address at the top of your browser window. This allows you to create a link that will show, for example, just government removals data in France, by Google product, for the first half of 2015. We hope this will make it easier for citizens to find and reference information in the report, and for journalists and researchers to highlight specific details that they may be examining as well.

By continuing to make updates like these, we aim to spark new conversations about transparency, accountability and the role of governments and companies in the flow of information online.

New government removals and National Security Letter data

Since 2010, we’ve shared regular updates in our Transparency Report about the effects of government and corporate policies on users’ data and content. Our goal has always been to make this information as accessible as possible, and to continue expanding this report with new and relevant data.

Today, we’re announcing three updates to our Transparency Report. We’re expanding the National Security Letters (NSL) section, releasing new data on requests from governments to remove content from services like YouTube and Blogger, and making it easier for people to share select data and charts from the Transparency Report.

National Security Letters

Following the 2015 USA Freedom Act, the FBI started lifting indefinite gag restrictions—prohibitions against publicly sharing details—on particular NSLs. Last year, we began publishing NSLs we have received where, either through litigation or legislation, we have been freed of these nondisclosure obligations. We have added a new subsection to the NSL page of the Transparency Report where we publish these letters. We also added letters to the collection, and look to update this section regularly.

Government requests for content removals

As usage of our services increases, we remain committed to keeping internet users safe, working with law enforcement to remove illegal content, and complying with local laws. During this latest reporting period, we’ve continued to expand our work with local law enforcement. From January to June 2017, we received 19,176 requests from governments around the world to remove 76,714 pieces of content. This was a 20 percent percent increase in removal requests over the second half of 2016.

Making our Transparency Report easier to use

Finally, we’ve implemented a new “deep linking” feature that makes it easier to bookmark and share specific charts in the Transparency Report. Sorting data by country, time period, and other categories now generates a distinct web address at the top of your browser window. This allows you to create a link that will show, for example, just government removals data in France, by Google product, for the first half of 2015. We hope this will make it easier for citizens to find and reference information in the report, and for journalists and researchers to highlight specific details that they may be examining as well.

By continuing to make updates like these, we aim to spark new conversations about transparency, accountability and the role of governments and companies in the flow of information online.

Update on the Global Internet Forum to Counter Terrorism

At last year's EU Internet Forum, Facebook, Microsoft, Twitter and YouTube declared our joint determination to curb the spread of terrorist content online. Over the past year, we have formalized this partnership with the launch of the Global Internet Forum to Counter Terrorism (GIFCT). We hosted our first meeting in August where representatives from the tech industry, government and non-governmental organizations came together to focus on three key areas: technological approaches, knowledge sharing, and research. Since then, we have participated in a Heads of State meeting at the UN General Assembly in September and the G7 Interior Ministers meeting in October, and we look forward to hosting a GIFCT event and attending the EU Internet Forum in Brussels on the 6th of December.

The GIFCT is committed to working on technological solutions to help thwart terrorists' use of our services, and has built on the groundwork laid by the EU Internet Forum, particularly through a shared industry hash database, where companies can create “digital fingerprints” for terrorist content and share it with participating companies.

The database, which we announced our commitment to building last December and became operational last spring, now contains more than 40,000 hashes. It allows member companies to use those hashes to identify and remove matching content — videos and images — that violate our respective policies or, in some cases, block terrorist content before it is even posted.

We are pleased that Ask.fm, Cloudinary, Instagram, Justpaste.it, LinkedIn, Oath, and Snap have also recently joined this hash-sharing consortium, and we will continue our work to add additional companies throughout 2018.

In order to disrupt the distribution of terrorist content across the internet, companies have invested in collaborating and sharing expertise with one another. GIFCT's knowledge-sharing work has grown quickly in large measure because companies recognize that in countering terrorism online we face many of the same challenges.

Although our companies have been sharing best practices around counterterrorism for several years, in recent months GIFCT has provided a more formal structure to accelerate and strengthen this work. In collaboration with the Tech Against Terror initiative — which recently launched a Knowledge Sharing Platform with the support of GIFCT and the UN Counter-Terrorism Committee Executive Directorate — we have held workshops for smaller tech companies in order to share best practices on how to disrupt the spread of violent extremist content online.

Our initial goal for 2017 was to work with 50 smaller tech companies to to share best practices on how to disrupt the spread of violent extremist material. We have exceeded that goal, engaging with 68 companies over the past several months through workshops in San Francisco, New York, and Jakarta, plus another workshop next week in Brussels on the sidelines of the EU Internet Forum.

We recognize that our work is far from done, but we are confident that we are heading in the right direction. We will continue to provide updates as we forge new partnerships and develop new technology in the face of this global challenge