Future Tense

Google Changed a Major Privacy Policy Four Months Ago, and No One Really Noticed

How closely do you read Google’s privacy policies?


Photo by LEON NEAL/AFP/Getty Images

For almost 10 years, Google promised to protect users’ privacy from advertisers by keeping personally identifiable information about its users, gleaned from Gmail accounts and other Google services, separate from its subsidiary DoubleClick’s database of web-browsing records.

But the company quietly updated its privacy policy in June to say that users’ activities on other sites “may be associated with your personal information,” ProPublica reported Friday. Google’s previous privacy policy, which is literally crossed through in front of its new one in Google’s new privacy policy, had pledged to “not combine DoubleClick cookie information with personally identifiable information” without users’ consent.


Google purchased DoubleClick, an online advertising company, in April 2007 for $3.1 billion in cash, outbidding Microsoft in a months-long battle. DoubleClick uses cookies to collect and store data about users from their browsing history to best place their clients’ advertisements. For example, a user who visits the sports section of a news site will be more likely to be shown ads for game tickets than ads for makeup. ProPublica’s Julia Angwin notes that at the time of the 2007 purchase, Google’s privacy policy stated that DoubleClick’s ad-serving technology will rely only on “non-personally-identifiable information,” which had allowed online ad tracking to remain anonymous.

Angwin writes:

The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customized to them based on your name and other information Google knows about you. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct.*

Existing Google users were prompted to opt in to the new policy. But it was enabled by default for new users.

You can view what Google thinks your interests are, and choose to opt out of personalized ads, here. In its privacy policy, Google states that it does not sell any personal information, such as names, email addresses and payment information.

This summer’s change follows a long-term trend of decreasing privacy standards for Internet users. In 2000, the Federal Trade Commission launched an investigation of DoubleClick’s handling of sensitive user information after it purchased Abacus Direct, a company that sells consumer purchasing data. Although the FTC dropped the investigation in January 2002 and determined there had been no violation, DoubleClick sold its subsidiary at a loss. And then in 2012, Google announced that it would share data between other Google products, but still kept the data separate from DoubleClick. Unlike this most recent update, the 2012 change was mandatory for all Google users.

So how will this affect your life? Probably not much, even if you’ve opted in to the new change, given that your Gmail content was already fair game for ads displayed within Gmail. But we are now one step closer to a world, imagined in Slate by Evan Selinger and Shaun Foster, in which advertisements on the street and screens morph into images of your own avatar using or wearing the product.

*Update: This portion of Julia Angwin’s ProPublica article was updated with a correction after this blog post was published.