Web sites

Google: New Privacy Policy to Have Little Impact on Enterprise

Google's plan to share user data across its online services will have little effect on users of the company's enterprise, government and education application suites, the company said.

The rewrite of Google's privacy policies, scheduled to roll out March 1, will not change Google Apps for business, government and education because those applications suites already link services such as email and calendars, Google spokesmen said. If a user of one of those suites logs into a separate personal Google account, such as YouTube or Google+, those services will not share the user's personal information with the enterprise suites, they said.

Google will not establish relationships between users' work accounts and personal accounts, a spokesman said.

Businesses, government agencies and schools using the apps suites have contracts with Google that generally specify how the vendor will handle their users' data, Google said.

"As always, Google will maintain our enterprise customers' data in compliance with the confidentiality and security obligations provided to their domain," Google said in a statement. "The new privacy policy does not change our contractual agreements, which have always superseded Google's privacy policy for enterprise customers."

IT research and consulting firm Gartner is advising private-sector enterprise clients that use Google Apps to review their contract with Google to make sure it contains language that shields their organization from potentially negative effects of this new privacy policy.

"If they signed the standard Google Apps contract or didn't insert specific language about privacy and the like, then these Google privacy policy changes will impact them," said John Pescatore, a Gartner vice president and research fellow.

Google Apps administrators should also make it clear to their employees that they need to have a separate, individual Google account for nonwork Google tasks and applications, especially personal use of the Google+ social networking site, he said.

"In many cases, especially in smaller businesses, that's not the case. The user has the Google account and that's what's being used for doing work email and personal email and Google+ and search," Pescatore said.

Another reason why existing Apps customers need to review their contracts is the recent controversy over how Google allegedly bypassed privacy settings in browsers, including Safari and Internet Explorer, he said.

It's an example of why enterprises need to be specific about what privacy settings and policies they want respected, independent of the changes Google may make to its own privacy policies and practices, he said.

"The only real protection enterprises have is in what contractual language they have with Google," he said.

From Google's part, the company could be more "friendly" to enterprises, in the same way that it has agreed to certain requirements in order to win Google Apps business from U.S. federal government agencies, he said.

Ultimately, IT decision makers need to understand that Google makes most of its revenue from selling online ads via its consumer online services, and that its strategy decisions are made mostly with this business in mind, he said.

"Google isn't an enterprise IT provider. It's a consumer-grade advertising provider," he said. "Enterprises have to be very careful when they enter into contracts for Google services that they make sure they're getting all the liability protections and agreements that they'd seek if they were looking at Microsoft, Oracle, IBM or anybody else," he said.

Several privacy groups protesting the changes have focused more on the effect on consumer users of Google products, and not on enterprise users. But attorneys general from 37 U.S. states and territories, in a letter sent to Google this week, included concerns about business and government users among the issues they are focused on.

"For users who rely on Google products for their business -- a use that Google has actively promoted -- avoiding this information sharing may mean moving their entire business over to different platforms, reprinting any business cards or letterhead that contained Gmail addresses, re-training employees on web-based sharing and calendar services, and more," the letter said.

"The problem is compounded for the many federal, state, and local government agencies that have transitioned to Google Apps for Government at the encouragement of your company, and that now will need to spend taxpayer dollars determining how this change affects the security of their information and whether they need to switch to different platforms," the letter said.

But Google will not share user data between separate accounts, even for consumer users of its products, a Google spokesman said. For example, if a Google user has separate log-ins for YouTube, Google Reader and Google+, those applications will not share personal information with each other.

The changes are intended to offer users of multiple Google services a seamless experience. If a YouTube user views several videos on car engines, Google's search may emphasize information about the Jaguar car brand and not the animal.

Privacy groups have complained that the changes will allow Google to better track users and collect personal information.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Subscribe to the Today in Tech Newsletter

Comments