Editor's note – May 12, 2023
Last year, we launched an important update to Location History. We remain committed to improving the experience and making it as helpful as possible. We wanted to clarify additional details about how it works and share an update we’re making to further protect user privacy.
Location History is off by default, but if you choose to turn it on and our systems identify that you’ve visited certain locations that can be particularly personal, we will delete those entries from Location History soon after you visit. To estimate where you are, we rely on several sources, like GPS and Wi-Fi, so accuracy can be impacted by a variety of factors, like whether you’re inside a building, in a dense area or underground.
This deletion applies to certain medical facilities, including counseling centers, domestic violence shelters, abortion clinics, fertility centers, addiction treatment facilities, weight loss clinics, cosmetic surgery clinics, and others. If you visit a general purpose medical facility (like a hospital), the visit may persist.
We continue to look for ways to improve the user experience and make it more intuitive. For instance, currently, you can manually add or confirm a visit to a particularly personal place, which may cause the entry to persist. To prevent the inadvertent creation of persistent entries, we’ll soon be rolling out an update where you will no longer be able to add such an entry, and you won’t be prompted to confirm such a visit.
As always, we’re committed to providing clear, easy-to-use controls to help you manage your location data. As a reminder, you can delete all or part of your information at any time, or set up auto-delete controls.
Original Post – July 1, 2022
Protecting our users’ privacy and securing their data is core to Google’s work. That’s why we design products to help people keep their personal information private, safe, and secure — with easy-to-use tools and built-in protections.
Privacy matters to people — especially around topics such as their health. Given that these issues apply to healthcare providers, telecommunications companies, banks, tech platforms, and many more, we know privacy protections cannot be solely up to individual companies or states acting individually. That’s why we’ve long advocated for a comprehensive and nationwide U.S. privacy law that guarantees protections for everyone, and we’re pleased to see recent progress in Congress.
But we haven’t waited for a law to take action. We understand that people rely on Google to keep their personal data secure. We’ve long been committed to this work, and today we're sharing additional steps we're taking to protect user privacy around health issues.
Protecting user privacy
We offer a variety of easy-to-use privacy tools and settings that put people in control of their data. This is particularly important to people around health topics, which is why our data policies include a number of restrictions. In addition, we have protections around:
- Location History: Location History is a Google account setting that is off by default, and for those that turn it on, we provide simple controls like auto-delete so users can easily delete parts, or all, of their data at any time. Some of the places people visit — including medical facilities like counseling centers, domestic violence shelters, abortion clinics, fertility centers, addiction treatment facilities, weight loss clinics, cosmetic surgery clinics, and others — can be particularly personal. Today, we’re announcing that if our systems identify that someone has visited one of these places, we will delete these entries from Location History soon after they visit. This change will take effect in the coming weeks.
- User Data on Apps: Google Play has strict protocols to protect user privacy — including policies that prohibit developers from selling personal and sensitive user data and a requirement that they handle that data securely and only for purposes directly related to operating the app. To further promote transparency and control for users, we also recently introduced Play’s new data safety section that developers use to give people more information about how apps collect, share, and secure their data. For Google Fit and Fitbit, we give users settings and tools to easily access and control their personal data, including the option to change and delete personal information, at any time. For example, Fitbit users who have chosen to track their menstrual cycles in the app can currently delete menstruation logs one at a time, and we will be rolling out updates that let users delete multiple logs at once.
- Law Enforcement Demands for User Data: Google has a long track record of pushing back on overly broad demands from law enforcement, including objecting to some demands entirely. We take into account the privacy and security expectations of people using our products, and we notify people when we comply with government demands, unless we’re prohibited from doing so or lives are at stake — such as in an emergency situation. In fact, we were the first major company to regularly share the number and types of government demands we receive in a Transparency Report. We remain committed to protecting our users against improper government demands for data, and we will continue to oppose demands that are overly broad or otherwise legally objectionable. We also will continue to support bipartisan legislation, such as the NDO Fairness Act recently passed by the House of Representatives, to reduce secrecy and increase transparency around government data demands.
We’re committed to delivering robust privacy protections for people who use our products, and we will continue to look for new ways to strengthen and improve these protections. We support Congressional efforts to reach bipartisan agreement on nationwide privacy protections that move the burden of privacy off individuals and establish good data practices across the board. In the meantime, we will continue our focus on securing our products and protecting the privacy of our users around the world.