Putting you in control: our work in privacy this year
Every day, hundreds of people at Google work on building the best privacy protections into our products. In 2019, we made a renewed push around privacy tools, controls and engineering talent, an investment that is already making a difference—nearly 20 million people around the globe visit their Google Account daily, accessing security, privacy and ad settings. As a vice president of product for privacy, I look forward to supporting this work more in my new role leading Google's strategy on building world class privacy tools. Here’s a look at what we did in 2019 in this important area:
Keeping your data private and secure
We’re committed to ensuring that our products meet user expectations around data sharing and data security. This year, we used findings from Project Strobe—an internal review of how third parties can request access to your Google account and Android device data—to implement new policies across Gmail, Android, Chrome and Drive to better protect your data and give you improved controls over the third parties to whom you grant access. We built Password Checkup, which automatically checks the security of all of your saved passwords, tells you if they’ve been compromised, and offers personalized help. Password Checkup started as a standalone Chrome extension, but it was so useful—downloaded more than a million times—that we built it into your Google Account’s password manager. We also introduced the Titan M security chip in Pixel 3a and Pixel 4 to help secure the operating system and your most sensitive on-device data.
Simpler controls in Google products
We've built tools to give you control over your data, easily accessible directly in our various products. This year, we expanded incognito mode across our apps, including Google Maps on Android and iOS, and we launched various auto-delete tools. We also put privacy controls at the forefront of Android settings, and rolled out simple voice commands so you can manage your privacy settings while using the Assistant by saying something like “Hey Google, delete everything I said to you last week.” All these tools make it easier for you to control what information is saved in your Google Account, and for how long.
Investing in privacy engineering
Our significant investment in privacy engineering and research helps improve our own products, as well as everyone’s overall experience online. In May, we opened the Google Security Engineering Center, our engineering privacy hub, where teams are building tools to keep users’ data safe. And for years, our research teams have been building privacy-preserving technologies like federated learning and differential privacy. These technologies provide smart, helpful experiences—like showing you how busy a restaurant is in Maps without identifying the individuals that visited it. In 2019, we open sourced the differential privacy library that powers some of our core products and introduced Tensorflow Privacy, Tensorflow Federated and Private Join and Compute to help other organizations implement these kinds of technologies. And in August, Chrome introduced the Privacy Sandbox and committed to restricting secretive user-tracking efforts such as “fingerprinting,” with the goal of safeguarding user privacy while keeping ad-supported content accessible on the web.
The year ahead in privacy regulation
This is the second year of GDPR in Europe and we invested significantly ahead of its implementation to upgrade our systems and policies, to ensure that we and our partners can comply with its requirements.
In the U.S., we’ve continued to advocate for strong federal privacy legislation and published a regulatory framework drawn from various privacy frameworks around the world and our own experience. We continue to believe this is the best way to provide safeguards to U.S. users, give businesses clear rules of the road, and avoid a patchwork of conflicting requirements and exemptions.
Like many businesses, we’ve been working to comply with the requirements of the California Consumer Privacy Act (CCPA), coming into effect on January 1, 2020. The CCPA will require businesses to disclose how they use people’s data, offer opt-outs of data sales, and give individuals rights around accessing and deleting their data. We’re committed to putting its requirements into practice and have invested in our systems to make necessary changes.
We’ve offered a range of tools for users to access, manage and delete their data like Download your data and Google Account globally for years, so we’re encouraged to see these practices become more widely adopted and codified into law in California. And while we never sell your personal information to anyone, we do let you control how your information is used, including for personalized ads. As we did with GDPR, we’ve made our CCPA data controls and tools available to all users globally, not just in California. Last month, we also introduced Restricted Data Processing, which will allow advertisers, publishers, and partners to restrict how data is used on our advertising products, and help them as they work to comply with CCPA. Publisher partners can also easily implement this kind of limited processing for their users globally. Of course, we’ll continue to follow developments around CCPA and ensure we’re taking appropriate steps if new regulatory guidance emerges.
Rather than just talk about privacy, we’ve spent this year building real tools and protections—they’re already available and used by millions of people. I’m proud of all this, but I also know that our work to build the best privacy protections into the products you use is never done. I look forward to sharing even more with you in the coming months.