Facebook & Google

New privacy policy after GDPR

Along with the new European GDPR and its focus on protecting privacy rights of Europeans, Google and Facebook updated their privacy policies in May 2019, both stating that their policies are now much easier to understand. Google in particular was successful with this marketing strategy. Many online articles are praising that Google's privacy policy is now clearer than ever.

However, if we look at the privacy policy, it becomes clear that even though easy-to-understand, the privacy policy as such remains highly problematic:

Here's what Google tracked back in 1999:

aggregated search activity

personal information you provide

clickthrough information

cookies

Here's what Google tracks in 2019:

Things you create or provide to Google: your name password phone number payment information content you create, upload, or receive from others when using their services

If you use Google services for calls or messages telephone information phone number calling-party number receiving-party number forwarding numbers time and date of calls and messages duration of calls routing information types of calls

Your activity terms you search for videos you watch views and interactions with content and ads people with whom you communicate or share content Chrome browsing history activity on 3rd party sites and apps that use their services voice and audio information when you use audio features purchase activity

Apps, browsers, and device data unique identifiers browser type and settings device type and settings operating system mobile network information including carrier name and phone number application version number IP address crash reports system activity date, time, referrer URL of your request

Data from publicly accessible sources

Data from partners trusted partners marketing partners security partners advertisers

Location data from GPS, IP address, device sensor data, wifi access points, cell-towers, Bluetooth-enabled devices

From Android devices with Google apps, collected periodically device type carrier name crash reports which apps are installed



Privacy policies are a nuisance to read. The New York Times tested privacy policies such as Facebook's and Yahoo's based on their complexity and easiness to read. The result: "Only Immanuel Kant’s famously difficult “Critique of Pure Reason” registers a more challenging readability score than Facebook’s privacy policy."

The good news is, however, it is not necessary to read the policy to change the settings. Even though it is tedious, this will at least limit the unlimited data collection of Facebook and Google. Nevertheless, you must keep in mind: If you didn't read the policy, you will never know for sure what exactly Facebook and Google are collecting. Not all data collection options have a settings option that can be disabled by the user.

Privacy strategy

While Facebook it mostly failing in convincing people that the company is improving user privacy rights, Google is a little bit more successful.

One of its latest features - confidential mode - received a lot of positive feedback from tech journalists. It is shocking to see how little many people understand about privacy and, in this case, confidentiality.

In fact, Gmail's confidential mode is more privacy-infringing than privacy-protecting.

Facebook and Google: Data leaks

Facebook and Google collect data from billions of people across the globe. Taking care of this data and securing it to the maximum should be a major focus for them.

Nevertheless, both companies fail when it comes to securing their users' data adequately.

Most recently Facebook exposed phone numbers of around 420 million Facebook users. Some of the records also had the user’s name, gender and location by country.

This follows one of the worst data leaks in online history: Facebook's Cambridge Analytica scandal where data of 87 million people was exposed.

And Google is no better: Recently, Tim Verheyden who uses Secure Connect, broke the story that Google employees are listening to your conversations, sometimes even when Google's smart home device was not activated on purpose.

In 2018 Google announced to shut down Google+ after data from 52.5 million users were exposed.

Opt-in instead of opt-out

Both companies - Google and Facebook - and in fact, all online services could immensely improve the protection of our privacy. A simple change from opt-out to opt-in would facilitate this.

Right now, if you want to protect your private data, you have to read through privacy policies, change privacy settings, basically, you have to actively do something, and it is a hassle. If you don't - and the majority of users doesn't - Facebook and Google can collect as much data about you as they wish.

The GDPR - with the requirement of an easy-to-understand and readable privacy policy - was a good start. Now we need even better privacy protection laws.

The default settings for any online service must be no or as little data collection as possible. Only if people actively opt-in, companies are allowed to collect any data.

This is, of course, completely against the interests of companies like Google and Facebook. That's why we need a new version of the GDPR, one that will truly protect citizens privacy.

Stop using Google & Facebook

The easiest way to protect your privacy, and to get away from Google's and Facebook's advertisement machine is to leave Facebook and Google completely. If you are ready for this, we recommend reading our guide with lots of recommendations of privacy-friendly alternatives.

Even one of the Facebook founders, Chris Hughes, says it is time to break up Facebook.

If you are not ready to quit Facebook and Google, yet, we recommend to at least change your privacy settings.

How to change Facebook and Google privacy settings

It takes just a few minutes to review and change your Facebook and Google privacy settings.