Google has launched a new privacy dashboard — technically just called Google Dashboard — that gives users quicker access to, and more control over, the personal information stored in Google’s databases. The dashboard is a one-stop shop for managing this data and the settings that are associated with the Google products you use when signed in to your Google account.

“We recognize how important our users’ trust is, so we’re looking for ways to be more transparent,” says Shuman Ghosemajumder, Google’s Business Product Manager for Trust & Safety. “Over the last 11 years we’ve launched a lot of products, so we wanted to provide more transparency for people using those products.”

How to access Google Dashboard

Google Dashboard can be reached by going to www.google.com/dashboard or by going to your Google Account page. You’ll see a link under Personal Settings that says “View data stored with this account.”

You’ll have to be logged in to your Google account first and, because the information in Google Dashboard is sensitive, Google requires a second login before you can access it.

What’s included in Google Dashboard

At the beginning, not all Google products are included in Google Dashboard. Ghosemajumder says there were some “last-minute technical issues” that kept some products out of Dashboard. Google hopes to add those within the next couple weeks. For now, here are lists of what’s in and what’s not:

Included: Account & Profile, Web history, Gmail, Docs, Calendar, YouTube, Blogger, iGoogle, Latitude, Reader, Talk, Health, Orkut, Picasa, Shopping List, Voice, Contacts, Alerts, Finance, Friend Connect, Tasks, Custom search engines, Mobile Sync

Not included: Checkout, Google Video, Groups, SideWiki, SearchWiki, Analytics, AdWords, AdSense, 3D Warehouse, Book Search, Sites, MyMaps, Base, Code, Moderator, PowerMeter, Feed Burner.

As Google launches new products in the future, Ghosemajumder says they’ll be added to Dashboard, too.

How Google Dashboard works

The dashboard lists all of the Google products that are associated with your account and shows different bits of data related to your use of each product. If you have a Gmail account, the dashboard shows information about your Inbox, Sent mail, Chat history, and more. If you use iGoogle, you’ll see how many gadgets are installed. All of the data in the Dashboard is considered private and only viewable by you, except in cases where you’ve elected to share data with others; a small “friends” icon will appear to indicate that.

More importantly, next to all this data are links to manage it. Gmail users will see links such as “Manage chat history” and “Manage HTTPS settings.” Google Docs users will see a “Manage documents” links. Ghosemajumder says that none of these management links are new. It’s all about organizing the user’s ability to see and control the data that gets shared with Google when using their products. Rather than needing to visit each Google product individually, users can manage everything from this single console.

If you use Google products while not logged in to your Google account, the data associated with those uses won’t show up in Dashboard.

Google Dashboard is currently available in 17 languages, and the company hopes to expand that to 40 languages soon.

Final thoughts

All of the major search engines face privacy issues, but it seems that Google is put under the microscope the most due to its size, success, and perhaps its ambition, too. Google clashes with governments over YouTube, over data retention, and even the idea that Google Maps helps terrorists. It clashes with regular Joes over Street View. It clashes with privacy groups over Google Latitude. The list goes on and on.

In September, Google announced its Data Liberation Front – a team focused on making it easy for users to move data in and out of Google products. The Google Dashboard is a sister and almost a prequel to that effort — one that helps users see and manage the data Google that Google has about them. It represents a step toward appeasing some of its critics and preventing some of these privacy clashes. The question is … will Google’s critics feel that it’s a big enough step?

Note From Danny Sullivan: I’m thrilled to see this step and look forward to seeing how it develops further. My Anonymizing Google’s Server Log Data — How’s It Going? post from last year looks at privacy issues at Google and the difficulty of knowing exactly what they have stored. That was a follow-up to Google Responds To EU: Cutting Raw Log Retention Time; Reconsidering Cookie Expiration, in 2007, which also looked at privacy pain points. In that article, we got our first hint that a dashboard might be coming from Google:

Figuring out where all my data resides and how to kill it is a pain — at Google or Microsoft or Yahoo, for that matter. John Battelle had a good suggestion back in early 2006 for a sort of private data control panel that could show you exactly what was stored where and put the user in control:

“I bet 95% of the public will never edit, or even view the data more than once. But the sense that the control panel is there, just in case, will be invaluable to establishing trust.”

We could use that more than ever. Google especially could use that, if it wants to stop the privacy attacks or at least stem them. How about it? I asked Google’s global privacy counsel Peter Fleischer about this yesterday, when talking to him about the Privacy International survey.

“We’re thinking hard internally along the digital dashboard-type of approach. Is there a way to give users a dashboard and visibility to all these elements and give them control,” he said. “It would be hugely complicated to build, but in terms of that vision, I completely share it, and we’re having deep discussions about it.”

So kudos also to John Battelle. His idea of a control panel dashboard, rather than a million settings and cryptic privacy policies, becomes a reality.

Is Twitter allowing search engines access to protected tweets or not? Not, Twitter tells me, though the company probably needs to do a bit more to prevent this type of confusion in the future.

The LA Times reported yesterday about a “Twitter hole” that it believed allowed Google special access to protected tweets, tweets made from Twitter accounts where owners have deliberately chosen not to have their tweets be made public.

Not so, said TechCrunch. The so-called protected tweets that the LA Times was finding in Google looked to be those made from before particular account holders locked down their accounts.

I checked with Twitter and got back the official word from their press office:

The TechCrunch article seems to sum up the confusion pretty well. It seems that the LA Times piece references tweets that were public but later the user protected the account, thus all subsequent tweets are private along with the profile. The tweets prior to that time cannot be un-cached.

Google has not been given a key to the castle…so to speak.

I’m good with this answer except for the word I’ve bolded — that formerly public tweets cannot be uncached. That’s incorrect.

Let’s take an example. Let’s assume you started your Twitter account in March. You started tweeting publicly, then in July decided to be private. Twitter doesn’t try to protect any of your past tweets. In fact, it’s pretty clear about this in its help page on the topic:

If you have a public account and you protect it, all updates after the time of protection will be protected. Your profile will only be visible to approved followers, and existing followers will not be affected.

Please note that tweets from protected profiles will not appear in search results. People will still be able to find your account using the Find People search tool but only people you’ve approved to follow your account will be able to see your tweets. Also note that any tweets posted while your profile is private will remain private indefinitely, and tweets posted while your account is public will remain public indefinitely

But Twitter could try to protect those formerly public tweets. As best I can tell, if you lock down an account, Twitter does make ALL tweets (formerly public or not) inaccessible to everyone accept those the account holder has authorized to see them. That includes search engines like Google or a Twitter-specific search engine like Topsy.

Well, if Google can’t get in to tweets after an account has been protected, why does it show some? And why does Twitter say this will happen?

Google seems to rely on the last information for a tweet that it could see. So you tweeted something in March. Google sees the tweet and records it. If in August, you protect your account. Google tries to revisit your tweets as it does with any web page, to make sure it has fresh information. It can’t get to any of your tweets now.

The ones from August, it never saw them, since they were never public — so it doesn’t list them.

That tweet in March? It keeps showing the information from the last time it saw it. And apparently, it will keep doing this for weeks or months.

Google didn’t send me a comment about this (I did ask, and I might get one later today). But that’s just how I know Google works and can see it specifically working with some protected tweets I investigated today.

As for Topsy, they told me:

Topsy only displays tweets that were once public. The refresh button will make them vanish if the account is now private.

Back to Google. Eventually it should update its old copy of the tweet with what it currently shows to non-authorized visitors, a message that says “This person has protected their tweets” (you can see this for millions of people on Google now).

Twitter could speed that process along by explicitly blocking tweets from a protected account with a meta robots tag configured to remove the page from the index entirely and from cached copies being allowed (the NOINDEX, NOARCHIVE commands).

That wouldn’t guarantee that formerly public tweets are all taken private, of course. Once something’s put out on the public web, it’s very difficult to pull it back. But it could help and seems an easy enough change to do.

If you have a protected account, also keep in mind that those who follow you might retweet what you tweet to the world. If you’re that worried, make sure you pick your followers carefully and regularly keep them informed that you don’t want things retweeted. Otherwise, be prepared for your private tweets to leak out.

For more about search and tweets, see my What Is Real Time Search? Definitions & Players post which cover some ways to make use of Google and its search options feature to drill-down into tweets.

Get ready marketers: a credible new report with sweeping implications from the University of Pennsylvania and UC Berkeley is likely to be the nail in the coffin of self regulation of online advertising. Specifically I’m talking about behavioral targeting, which largely concerns online display advertising but does marginally touch search at Yahoo and Google.

The NY Times discussed the report, released today:

The study’s authors hired a survey company to conduct interviews with 1,000 adult Internet users. The interview, which lasted about 20 minutes, included questions like “Please tell me whether or not you want the Web sites you visit to give you discounts that are tailored to your interests.” The results were later adjusted to reflect Census Bureau patterns in categories like sex, age, population density and telephone usage.

Tailored ads in general did not appeal to 66 percent of respondents. Then the respondents were told about different ways companies tailor ads: by following what someone does on the company’s site, on other sites and in offline places like stores.

The respondents’ aversion to tailored ads increased once they learned about targeting methods. In addition to the original 66 percent that said tailored ads were “not O.K.,” an additional 7 percent said such ads were not O.K. when they were tracked on the site. An additional 18 percent said it was not O.K. when they were tracked via other Web sites, and an additional 20 percent said it was not O.K. when they were tracked offline.

Lawmakers have been ready to regulate “behavioral advertising” for some time and the FTC has signaled that it did not believe marketers were doing a good enough job with self regulation. However, the new economic and political climate, more favorable toward regulation, combined with public frustration and anger generally have set the stage for regulation of some kind.

Search will largely be exempted because of the way it works — keyword matching rather than data mining —  although the search engines’ data retention policies are implicated by the report (which I quote a bit more fully on my blog). Yahoo is using search queries as part of its behavioral targeting and Google not long ago implemented “Interest Based Advertising,” a euphemism for behavioral targeting.

However, Google’s privacy and preferences management could become a kind of model in some new regulatory regime.

Very soon lawmakers will introduce legislation to more aggressively protect consumer privacy. One member of Congress, Rick Boucher of Virginia, recently wrote:

Because consumers need an assured level of control over the collection, use and sharing of information about them, a statute providing those assurances is now called for. That goal should be achieved by legislation, which reflects best industry practices and requires that they be followed by all websites that collect information from Internet users. Legislation assuring Internet users that their online experience is more secure will be a driver of greater levels of Internet uses such as e-commerce, not a hindrance to them.

In my view all this points to “when” rather than “if” and the question is: what disclosure and data management burdens will imposed on marketers and publishers? As I said, I think search will largely be unaffected but display could be profoundly affected.

If people are required to be given an “up front” opportunity to “opt-out” of targeting a majority likely will: “Tailored ads in general did not appeal to 66 percent of respondents.”

There is a much longer post to be written on Google’s privacy policies and its history of combatting or complying with government requests for information and those of third parties using the courts to get access to user data. But I’ll take two recent items to illustrate the complexity and potential contradictions here.

Google was just ordered to turn over the identity of some Gmail users pursuant to a defamation lawsuit between a Miami-based developer and a newspaper publication that tied the developer to government corruption in the Turks and Caicos Islands. According to an AP article:

Developer Cem Kinay of Miami accuses TCI Journal of causing “reputational damage and lost profits,” according to a civil complaint filed in California. A court order tells Google to turn over data that may help identify users of the newspaper’s account with Gmail, the Internet search company’s e-email service.

Google said in a statement to The Associated Press it is obligated to comply with “valid court orders,” but generally notifies users to give them time to challenge an order, as it did in this case.

This is legally identical to a recent case in which Google was ordered to reveal the identity of an anonymous blogger who was publicly insulting model Liskula Cohen. Ultimately the matter was dropped by Cohen. But it seems pretty clear that these sorts of defamation actions will continue and potentially even pick up steam. It’s also clear that Google will not get involved in defending against them or the idea of revealing user identities.

Stepping back, legal process often comes down to “reasonableness” and balancing competing interests. If someone is being defamed and it is causing damage the injured party does have the right to determine the identity of the person making defamatory claims and pursue an action. The process then determines whether the defendant is liable or not. The complicating factor is that judicial process is sometimes abused and sometimes “defamation” claims are used intimidate people and prevent speech or criticism; one could potentially put the first example above in that category (as the defendants claim).

Now I’ll turn to Google Books and Google’s recent statement about privacy and Books. On its public policy blog, Google says the following:

While Google Books has always been covered by the general Privacy Policy for all of Google’s services, we understand that the privacy of reading records is especially important to readers and libraries. We know that users want to understand how Google’s privacy practices apply to Books today, and what will happen after the settlement. To provide all users with a clear understanding of our practices, and in response to helpful comments about needing to be clearer about the Books product from the FTC and others, we wanted to highlight key provisions of the main Google Privacy Policy in the context of the Google Books service, as well as to describe privacy practices specific to the Google Books service. We’ve also described some privacy practices for services created by our proposed settlement agreement, which is currently awaiting court approval.

In its Google Books Privacy Policy Google says:

• We do not share your personal information with third parties, except in the narrow circumstances described in the Privacy Policy, such as emergencies or in response to valid legal process.
• When you use Google Books, we receive log information similar to what we receive in Web Search. This includes: the query term or page request (which may include specific pages within a book you are browsing), Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser . . .
• Special legal privacy protections for users may apply in cases where law enforcement or civil litigants ask Google for information about what books an individual user has looked at. Some jurisdictions have special “books laws” saying that this information is not available unless the person asking for it meets a special, high standard – such as proving to a court that there is a compelling need for the information, and that this need outweighs the reader’s interest in reading anonymously under the United States First Amendment or other applicable laws. Where these “books laws” exist and apply to Google Books, we will raise them. We will also continue our strong history of fighting for high standards to protect users, regardless of whether a particular “books law” applies. In addition, we are committed to notifying the affected user if we receive such a request that may lead to disclosure of their information; if we are permitted to do so by law and if we have an effective way to contact the user, we will seek to do so in time for the user to challenge the request.

Without getting into a an arcane legal discussion here, Google is saying that it must comply with court orders but that it will protect users’ privacy and fight against disclosure of reading lists and user search queries. Google did something analogous in early 2006 when it was the only major search company to fight a Justice Department subpoena seeking search records, justified on that grounds that it was part of the enforcement of the 1998 Child Online Protection Act.

One could imagine the US government or some overzealous government agency trying to get access to reading lists or records to see who might be reading about terrorism or bomb-making or “communism” (even). In that latter context, think about how valuable Google Book Search queries and reading lists would have been, if they had existed in 1950, to someone like Senator Joseph McCarthy in seeking to root out “spies in our midst.” This is hyperbole on my part to make the point that the government might want to get access to this type of information, as it did with query logs in 2006.

Google is steadfastly saying that it will resist such efforts. But is there a double standard?

Where individual identity is an issue it has indicated it will reveal that information if there is a court order. But where broader search query logs are implicated it has fought or indicated it will fight (although that has been championed under the banner of individual privacy). I’m not trying to be a cynic here but I’m seeking to find a way to reconcile these potentially contradictory positions on user privacy.

Google, what say you?

Google is now using location-enabled mobile phones that have Maps for mobile installed to improve its real-time traffic data. According to the Google Blog:

If you use Google Maps for mobile with GPS enabled on your phone, that’s exactly what you can do. When you choose to enable Google Maps with My Location, your phone sends anonymous bits of data back to Google describing how fast you’re moving. When we combine your speed with the speed of other phones on the road, across thousands of phones moving around a city at any given time, we can get a pretty good picture of live traffic conditions. We continuously combine this data and send it back to you for free in the Google Maps traffic layers. It takes almost zero effort on your part — just turn on Google Maps for mobile before starting your car — and the more people that participate, the better the resulting traffic reports get for everybody.

Google won’t divulge exactly how many users of Google Maps for mobile there are, but it’s a central feature/app on the iPhone. It’s also available on the other major smartphone platforms. If roughly 50 percent of iPhone/iPod Touch users are in the US and there are 45 million owners of the devices around the world (according to Apple), it’s safe to say that there are many millions of location-aware handsets driving the morning and evening commutes.

In addition, Google has now added “live traffic conditions on arterial roads in selected cities” — in other words secondary or connecting routes. These data are coming in part from the mobile phone crowdsourcing described above. As you zoom in you can see more traffic data on those smaller roads. Here’s how the routes into midtown Manhattan look at roughly 1:30 p.m. Eastern today:

Mindful of those concerned about being tracked, Google says that the data being transmitted by phones is totally anonymous:

We understand that many people would be concerned about telling the world how fast their car was moving if they also had to tell the world where they were going, so we built privacy protections in from the start. We only use anonymous speed and location information to calculate traffic conditions, and only do so when you have chosen to enable location services on your phone. We use our scale to provide further privacy protection: When a lot of people are reporting data from the same area, we combine their data together to make it hard to tell one phone from another. Even though the vehicle carrying a phone is anonymous, we don’t want anybody to be able to find out where that anonymous vehicle came from or where it went — so we find the start and end points of every trip and permanently delete that data so that even Google ceases to have access to it.

These assurances won’t satisfy all critics and perhaps, especially, not the EU if Google seeks to use the same methodology in Europe at some point in the near future. Google is clearly very sensitive to the issue. As they should be; there’s empirical evidence that US consumers are in fact concerned about the capacity to be tracked through their phones, although they equally benefit from the location-awareness capability.

Google uses several unnamed sources to obtain traffic data, beyond the crowdsourcing discussed above.

Microsoft used handheld GPS devices in 2007 to develop its ClearFlow traffic prediction modeling. And independent traffic service Inrix, which also works with Microsoft, uses data from GPS devices. It should also be mentioned that Yahoo was the first of the major engines to offer real-time traffic data on maps in 2004.

Google Watch points out a job posting on the Google site for “Privacy Policy Counsel” based in Washington, DC. Given that Google is under much more pressure and scrutiny from the US Department of Justice these days, this kind of hire makes sense. Google is recognizing that it’s got to build direct relationships with legislators and policy makers if it is to successfully fend off the anti-trust squad. Here’s the job listing in full:

As a former lawyer I meet (or think I meet) all these criteria except that I don’t have “at least 5 years of direct experience in the privacy field working in or with the various brancies . . . of the US governtment . . .” Rats.

IxQuick, which bills itself as “the world’s most private search engine,” has changed its name to the much-easier-to-remember Startpage.

Startpage is a meta search engine that’s tried to differentiate itself from the pack by using privacy as a marketing feature. In 2006, shortly before the mistaken release of three months of AOL search data, the service announced that it would purge its users personal data within 48 hours. This past January, IxQuick stopped recording IP addresses completely and began offering secure searching via the https protocol.

But judging by the general lack of awareness about IxQuick/Startpage, the focus on privacy hasn’t resonated yet with the general search population. Meanwhile, the big three search engines currently hold on to user data for three months (Yahoo), nine months (Google), and 18 months (Microsoft/Bing).

A new study published by graduate students at University of California, Berkeley showed that Google is the leading footprint on the top 100 sites in their study.

As you can see from the chart below, Google Analytics was found on 81% of the top 100 sites, while DoubleClick (owned by Google) was in second place, by being found on 70% of those sites. Microsoft came in third with Atlas showing up on 60% of those sites. Here is the chart:

When combining Google Analytics, DoubleClick, AdSense, Google Widgets, Google FriendConnect and others, Google has a 88% footprint on those sites:

The New York Times blog has additional commentary on the limited study.

Postscript: Google: Master Of Closing The Loop? by Danny from April 2007, Danny talked about this issue. Back then Google said they would not mix and match the data between products.

There are several reports today that Greece has banned Google’s Street View … but Google disagrees.

Privacy is Greece’s main concern, just as it’s been with the other villages, towns, cities, national governments, and other organizations that have lined up against Google Street View. Greece’s Data Protection Authority (DPA) announced on Monday that it’s banned Google from taking photos in Greece, and that it wants more information about how long Google will store the images it takes and what Google will do to make sure residents know their privacy rights.

But the BBC reports that Google denies it’s been banned in Greece. A Google spokesperson says:

“Street View has not been banned in Greece. We have received a request for further information and we are happy to continue discussing these issues with them. We will discuss with them whether it is appropriate for us to continue driving in the meantime.”

Google wants to expand Street View to more countries, but it seems many of them don’t want their pictures taken. And so Street View’s rocky road continues….

AT&T which has publicly advocated on behalf of relatively stringent rules and opt-in requirements around behavioral targeting (BT) appears to have been working with BT firm Audience Science (formerly Revenue Science). Wendy Davis at MediaPost has written two related stories on the issue. Here’s her summary of the apparent contradiction between AT&T’s public position and its behavior:

While many marketers work with online behavioral targeting companies, AT&T’s apparent relationship with Audience Science is striking because the telecom has publicly said that behavioral advertising — or tracking people as they surf the Web and serve ads based on the sites they visit — requires consumers’ explicit consent. Audience Science, like most behavioral targeting companies, allows consumers to opt out of targeting, but doesn’t seek their affirmative consent to it.

Dorothy Attwood, AT&T senior vice resident, public policy and chief privacy officer, testified before Congress Thursday that the company believes that behavioral advertising requires “affirmative, advance action by the consumer.” The hearing, held by a House Energy and Commerce subcommittee, was mainly focused on how network operators can monitor consumers using deep packet inspection and other technology.

AT&T appears to be a “partner” of Audience Science. In a related MediaPost story, Davis wrote:

A spokesperson for AT&T initially told Online Media Daily that the company does not use behavioral targeting. When told that Audience Science’s Web site listed AT&T as a client, the spokesperson said he would investigate.

He did not offer further comment, but Audience Science’s Web site had been changed by late Thursday, and AT&T’s name no longer appeared as an Audience Science advertiser partner.

It’s not exactly clear whether AT&T is using BT in its capacity as a publisher or delivering user data to Audience Science as an ISP — or both. Without reviewing all the controversy around BT, the US Federal Trade Commission has allowed the online ad industry to self-regulate for the time being with a “we’re watching you” caveat. Here’s what FTC Commissioner Jon Leibowitz said in February of this year:

In sum, almost all of us want to see self-regulation succeed in the online arena, but the jury is still out about whether it alone will effectively balance companies’ marketing and data collection practices with consumers’ privacy interests. A day of reckoning may be fast approaching.

Congress continues to be interested in the subject of online ad targeting as all the major online publishers and ad networks get more aggressive about targeting in an effort to boost response. Yahoo and Google are both using BT. And Yahoo recently started using search queries as part of the BT mix.

ISPs in the US and UK were set to work with BT companies NebuAd and Phorm respectively. While efforts with Phorm in the UK appear to still be going forward (though not without problems), several US ISPs have been “spooked” by criticism and have backed away from working with NebuAd, which is probably going to have to change its model or die accordingly.

BT works, but publishers and technology companies too hungry for clicks and conversions are sewing the seeds of regulation with their lack of disclosures and aggressive techniques. I woudn’t be surprised if a federally mandated “do not track” list came into being in the not-too-distant future.