by Parmy Olson
For days after the Supreme Court’s decision to overturn Roe v. Wade, big tech companies remained silent on what they would do with their troves of newly incriminating data on women in America. Then last Friday, as the country set off for the holiday weekend, Alphabet Inc.’s Google piped up. It offered a pledge to help women that ultimately rang hollow and showed how masterfully it guards its business. Beginning in a few weeks, the company will automatically delete the location history of anyone who visits a “personal” place like an abortion clinic, weight loss center or domestic violence shelter, the company said in a blog post.
The announcement drew cautious praise from civil liberties advocates. But many said that Google needed to go further and delete all location data and search queries. After all, why should engineers at a tech company be the ones to decide which addresses are sensitive? Would they obscure underground abortion practitioners, too? And what is the point of deleting a woman’s location data if police can still see her web searches, including that she googled “Planned Parenthood”?
For all the hopes that American women will become like undercover agents who use burner phones, anonymizing browser extensions and DuckDuckGo, a privacy-oriented search engine, to protect themselves when they need an abortion, the vast majority of women will still go to Google. Searches for “abortion clinic near me” surged on June 24, the day the Supreme Court announced its ruling, far outranking searches for “Do I have COVID?” Google’s inviting search bar has become humanity’s first port of call for any new dilemma, a reflex as common as drinking water when you’re thirsty.
This is why Google’s pledge to obscure some location data doesn’t help all that much in the long run. Google’s unprecedented hoard of information puts it in an even more powerful position. It gives concrete meaning, at a much wider scale, to years of privacy concerns: Innocuous personal data it holds is now evidence. It could lead to criminal charges.
Since Google has played by the rules with prosecutors until now, there is no reason to think it will stop doing so. The company received nearly 150,000 requests for user data from US law enforcement in the first half of 2021, according to the company’s internal transparency report, and it handed over information on users in 78% of those cases. An estimated 26 states are expected to ban or heavily restrict abortion, and prosecutors will almost certainly go to tech companies, such as Google and Facebook parent Meta Platforms Inc., to seek the evidence they need to charge people who help provide the procedure.
But Google’s pledge is just the latest in a string of successful moves in recent years to paint itself as a more privacy-friendly company even as its business thrives from mining and processing personal information.
For instance, the company in 2019 introduced a new setting for anyone who has a Google account (applying across Gmail, YouTube and other Google services) to ensure that their location data gets automatically deleted every three months. In the last few years, Google has also pledged to end support for third-party cookies, to stop advertisers from building profiles on anyone who uses its popular Chrome browser.
Both these initiatives sound promising and great for privacy. But they also leave people’s data open to exploitation by Google, and its data-hungry business thrumming. You can probably guess how many people have taken advantage of Google’s new auto-delete setting: very few. Google hasn’t been crystal clear on how people have used its various privacy settings, but it ranges from one million to 200 million users, or less than 5% of Google’s total user base, according to the company’s own statements.
Google’s initiative with third-party cookies is also a double-edged sword on privacy. While it does stop invasive targeting by advertisers, it doesn’t keep Google itself from amassing personal data for its own advertising and targeting purposes, across its own properties. An American woman’s location data or search queries are valuable to Google because they can help it direct relevant ads to her on, say, YouTube.
So long as the company’s $200 billion-a-year business keeps growing, it’s hard to imagine that Google will delete substantive data from its systems unasked, even if that data puts more women in legal jeopardy. Google didn’t respond to a request for comment about this column.
Google’s ability to protect its own data hoard might not last forever, though. It technically shouldn’t be sharing data among its various properties, under European privacy law. One rule set forth in Europe’s General Data Protection Regulation says that companies shouldn’t use data for anything other than a specified purpose. Imagine if Google could use your location data only for a single purpose, such as predicting where you are on a map, and not also for targeting you with ads. That would significantly damage its ad business.
Luckily for Google, regulators haven’t enforced the “purpose limitation” rule, and the company has been able to cross-pollinate data to its heart’s content.
Johnny Ryan, a senior fellow at the Irish Council for Civil Liberties who has tracked Google’s advertising practices for years, said that could change in the future. Ad giants such as Google and Facebook have thousands of different processing purposes for the data they collect, he estimates.
At some point, Google might find that the financial benefits of holding incriminating personal data suddenly decline. But that will take rules imposed on the company, not from a blog post written to generate positive publicity.