The Google Books settlement and privacy: frequently asked questions

Thursday, July 23, 2009 at 10:45 AM

The following are some questions we've heard about privacy and Google's proposed settlement agreement with authors and publishers, which is still subject to approval by the court. We've addressed many of them here, and may update this document as our product plans evolve. For more on privacy and the agreement, take a look at our blog post. Thanks for reading.

What is Google going to do to ensure reader privacy if the settlement is approved?

Important principles from our Google Privacy Policy would apply to this service, as with every Google service. For example, we will never sell personal information about our users. In fact, we will never share individual users' information at all unless the user tells us to, or in some very unusual circumstances that are spelled out in the Privacy Policy, like emergencies or when we receive valid legal process. The Book Rights Registry created under the settlement won't have access to users' personal information, either.

Users will also have choices about the kinds of information that Google receives when they use the service. Most of the new ways of reading books online that the settlement makes possible will not require any kind of registration or account with Google. For example, people who use institutional subscriptions, such as students at subscribing schools, will not have to register with Google to read the millions of books available through the subscription. They only need to confirm their identity to the school’s system – not ours. And of course, regular users of Google Books do not need to set up an account to get the benefits of the settlement. They will be able to see much larger portions of books – often 20% of the book, instead of the current three short snippets – without having an account or giving personal information to Google.

Will Google give data about individual users to the Book Rights Registry?

No. Google is not required under the settlement agreement to provide individual user data to the Registry, and will not be providing it. In fact, the settlement specifies that in circumstances where the Registry seeks this data, it should use legal processes to do so. The Registry will receive aggregate usage data that is needed for the allocation of revenues under the settlement agreement; however, this will not include information specific to individual users.

Will Google be selling data on what users read to other parties?

No. The Google Privacy Policy is clear that we do not sell users' personal information.

Will users have to get a Google account to use Google Books? What about students at colleges or universities?

Users of Google Books will not be required to have a Google account. Anyone can freely search Google Books and preview up to 20% of most books without logging into Google. For the institutional subscription, Google will conform to common practices adopted within the industry to protect user privacy: users will be authenticated either using the student's or the institution's IP address, or using other methods such as Shiboleth -- a technology that lets Google confirm that a user is part of a subscribing institution without knowing who that user is. For the Public Access Service terminals, authentication will be based upon IP and Google will not have information about the individual user.

If someone uses a free public access terminal in a public library, what data will you keep about them and what they read?

Unless that person chooses to log in to use a Google account, we will not have any information that would uniquely identify them when they access Google Books from a public access terminal in a public library.

Why weren't privacy provisions included in the settlement?

The settlement was a negotiation between the plaintiffs in the lawsuits and Google. It settles the copyright claims that were raised, and addresses the new uses authorized by the copyright holders under the settlement -- including detailed provisions for security of scanned files, and other considerations relevant to the lawsuit. It does not attempt to prescribe Google's product plans beyond the points that related to this authorization -- which is a good thing, both for users and for privacy. For one thing, the product has not yet been designed and developed, which makes detailed privacy policy drafting almost impossible. Also, with a product such as this, it is important to engage in discussions with the broader community and in particular with institutions such as libraries about the appropriate privacy policy for these services. Google has been actively engaging with representatives of the library community and other public interest groups to get input on what should be included. These discussions have been very helpful and we expect to continue to engage in these discussion as we develop our products.

What has changed in this document since it first went up?

Well, we added this FAQ about what has changed in this document since it first went up. Also, we revised the first question to make it clear that in addition to emergencies, there are other rare situations where we may disclose data, such as when we receive legally valid process -- meaning appropriately issued formal legal demands, such as search warrants or subpoenas. Full details about when and how we share information are in the Privacy Policy document.


No comments: