For some privacy advocates, Google’s proposed $3.1 billion acquisition of DoubleClick represents a major threat.
Privacy groups such as Electronic Privacy Information Center (EPIC) and the Center for Digital Democracy (CDD), which have raised red flags ever since Google announced its planned acquisition in mid-April, are finding new support this week. The acquisition would marry the leading Internet search provider with a huge provider of display advertising, a “merger of two No. 1s,” said Jeffrey Chester, CDD’s executive director.
On Tuesday, a group of 12 Republican members of the U.S. House of Representatives called for hearings on the merger. The 12 sent a letter to Representative Bobby Rush, the Democratic chairman of the House Energy and Commerce Committee’s Subcommittee on Commerce, Trade and Consumer Protection, saying they are concerned over the privacy implications of the merger.
“Google and DoubleClick would have one of the largest search query databases with one of the world’s largest online user behavioral profile databases,” said the letter, signed by Representative Cliff Stearns, of Florida, the senior Republican on the subcommittee, Representative Dennis Hastert, an Illinois Republican and former speaker of the House, and 10 others. “The privacy implications of such a merger are enormous and, without an in-depth examination, we and the American public will not fully understand what all of those implications are.”
In addition to the congressional letter, the American Antitrust Institute, which generally opposes large mergers, released a position paper opposing the DoubleClick deal on competition grounds. The merger “short circuits what otherwise was shaping up to be a healthy competition between two market-leading firms in each other’s core markets,” the group said.
A Google spokesman suggested privacy concerns about online advertising are broader than the DoubleClick acquisition. Last week, at a U.S. Federal Trade Commission workshop on online targeted advertising, FTC Commissioner Jon Leibowitz noted that an FTC review of the DoubleClick acquisition was focused on competition issues, not privacy.
“Google has taken a number of industry-leading steps to improve privacy for our users, and the success of the DoubleClick acquisition depends on our retaining our users’ trust,” said Google spokesman Adam Kovacevich. “We think that Congress would be best served by taking an industry-wide look at the issue, just as the FTC did at last week’s town hall.”
Google officials have repeatedly defended their privacy record, saying that their company was one of the first to announce it would anonymize the captured IP (Internet Protocol) addresses of its users, in Google’s case after 18 months. In addition, DoubleClick doesn’t own the user data when it serves advertisements to client Web sites; instead the Web sites own the data, said Nicole Wong, Google’s deputy general counsel, speaking last week at a U.S. Federal Trade Commission workshop on targeted online advertising.
Users can access many Google services without logging in, and Google constantly works on making its privacy policy easier to access and understand, Wong said. Google recently posted videos on YouTube explaining its privacy policy, she added.
“Our users’ trust and their privacy are critical to our business,” Wong said at the FTC workshop. “Our users are free to pick up and leave, and because of that, we have to work every day, on every product, to earn their trust and their business.”
Privacy concerns about the DoubleClick deal aren’t going away, however.
CDD, EPIC and the U.S. Public Interest Research Group (US PIRG) filed an 11-page complaint about the Google-DoubleClick merger with the FTC April 20. CDD and US PIRG filed a supplemental complaint about industry-wide privacy practices on Thursday, as the FTC opened its two-day workshop on online behavioral advertising.
“There are profound consequences to the outcome of this deal,” said CDD’s Chester. “We have to have safeguards here.”
Google has largely avoided commenting on the specific complaints, which fall generally into three categories:
• Google and DoubleClick would hold a huge database of information about Internet users.
The acquisition “will give one company access to more information about the Internet activities of consumers than any other company in the world,” CDD, EPIC and US PIRG said in their April complaint. “Moreover, Google will operate with virtually no legal obligation to ensure the privacy, security, and accuracy of the personal data it collects.”
Google officials have in part disputed those claims by saying DoubleClick doesn’t own data on users and by saying its anonymization of IP addresses after 18 months will protect privacy.
• Secondly, privacy groups complain that Google isn’t transparent about what privacy information it collects. The April complaint noted that Google does not explain that it saves users’ search terms in connection with their IP addresses on its privacy policy highlights page, but Google does explain what information it collects in a link on that page. Google’s layered privacy policy is organized the way it is so that it’s easy for readers to digest, Wong said.
Google tries to make its privacy policies sound like they’re not written in lawyer-speak, she added. Her work on the privacy policies was “an exercise in creative writing I haven’t had since graduate school,” she said.
• Finally, privacy advocates say DoubleClick has a record of questionable information collection practices. EPIC, in February 2000, filed an FTC complaint saying the company was illegally tracking the online activities of Internet users with detailed personal profiles contained in a national marketing database. In March 2000, DoubleClick issued a statement saying the merged database was a mistake. In January 2001, the FTC reached an agreement with DoubleClick, in which the company agreed to disclose its tracking practices and to allow users to opt out of data collection.
CDD’s Chester said he will continue to push the privacy issue with the FTC and with other government officials. CDD and US PIRG filed an FTC complaint a year ago on targeted advertising in general, not focusing on Google.
But the DoubleClick deal ratchets up the problems, he said. “The failure of Google to acknowledge that the merger poses unique privacy concerns illustrates a real deficit … in Google’s top management,” he said. “They don’t even acknowledge that there is a greater privacy concern.”