Data Privacy Day arrives on Saturday at a tricky time for Google and Facebook. Both of the Web giants recently revised their often-disputed privacy policies, and in the process drew stinging criticism from lawmakers and security experts.

Google announced on Tuesday that it was unifying the privacy policies of its 60 or so online properties in order to, as Google said, make a "simpler, more intuitive Google experience." The announcement came days before Data Privacy Day, an event coordinated by the nonprofit National Cyber Security Alliance (NCSA) which is "designed to promote awareness about privacy and education about best privacy practices."

It's a positive step for Google, at least in terms of making itself more transparent and educating its customers, said Alisdair Faulkner, chief products officer for the San Jose, Calif.-based security firm ThreatMetrix. But Faulkner thinks there's something darker lurking behind the press releases and official statements.

It's all about the ads

Faulkner applauded Google's attempt to be more straightforward, but said a consolidated privacy policy "makes it easy for Google to update it and change it as it sees fit. Every time you sign in, you have one set of assumptions about what Google's doing with your data. If that changes, that could be a problem."

The bottom line, Faulkner said, is Google's bottom line.

The major reason why Google is revising its privacy policy is to better serve ads to you, Faulkner said. And the best way to do that is to link all the information the company collects about its consumers — not just the data from their home computers, but from their mobile devices as well.

"They use intelligence to track your mobile, and everywhere you go, to serve ads to you," he said.

Faulkner said "people don't always connect the dots" — they don't always recognize that every service they access on their smartphone while logged into Google is monitored and leveraged so that the company can send more finely targeted ads, and thus keep the cash rolling in.

Is Google+ a minus?

Google's recent decision to tie in personalized search results with Google+ postings calls into question whether such a thing as online privacy exists at all, and if so, for how much longer.

"The story behind the story is Google unifying its applications," Faulkner told SecurityNewsDaily. "Previously, I didn't mind Google searching — I assumed I was fairly anonymous. Now it's all tied to Google+, and they're forcing (Web searching) to be tied to an identity."

Faulkner argued that the "point of control is being taken away from the user."

It's a valid point, given the other option, which is to remain a Google+ outsider and be denied access to certain services.

Facebook's ongoing privacy woes

Faulkner wasn't overly enthused about Facebook's system of user privacy, either. On Tuesday, Facebook announced that Timeline, its long-delayed reworking of every user's homepage that displays everything he or she has ever posted , would soon become mandatory.

In recent months, Facebook has also added a scrolling ticker that broadcasts your Facebook actions in real time to all your friends, and integrated third-party apps that link your Facebook page to dozens of other websites across the Web.

"Privacy is not a setting on your profile," Faulkner said. "Sure, I can restrict what I share to others, but that doesn't stop the surveillance about everything I do, my browsing habits, the music I listen to, the things I'm buying online. All that's being indexed."

Faulkner said Data Privacy Day, despite the fact that some see the phrase as an oxymoron, is essentially a call to attention for the everyday Web user who may not have any idea how his data is being used.

"At the end of the day, what we really need is transparency, to have people know what's being done with their data and to have the right to opt in or opt out," he said. "We need a standard by which customers know as soon as they hand their data over what's being done with it."

"Privacy isn't something you give away once," he added, adding that consumers should have the ability to change their privacy settings every time they access a service.