When speaking to the public, Google presents itself as a defender of privacy.
“Privacy must be equally available to everyone in the world,” its CEO said in a New York Times op-ed(new window). And later he said(new window), “Privacy is at the heart of everything we do.”
Out of the public eye, however, Google is telling a different story to policymakers.
While elected governments try to protect their citizens from Big Tech surveillance, Google is actively fighting against them, trying to water down key privacy regulations and keep your data flowing into its profitable advertising machine.
For Google, the battle is existential. Privacy is antithetical to its business model, as Google explained to investors(new window) last year. “Data privacy and security concerns relating to our technology and our practices could … deter current and potential users or customers from using our products and services,” the company wrote.
Just as the world’s largest environmental polluters have resorted to “greenwashing” to portray themselves as eco-conscious, Google and other Big Tech companies have used “privacy washing” to avoid scrutiny of their business models. Big Tech can no longer ignore the consumer demand for privacy. But their profits depend on exploiting your personal information to sell targeted ads. Google has even tried to redefine privacy to fit its interests.
But a simple review of Google’s lobbying efforts suggests privacy may not be at its heart after all.
Lobbying against privacy
Like most large companies, Google hires lobbyists to influence legislators to shape new laws in ways favorable to its business. Between 2015 and 2022, Google spent an average of $14.9 million a year(new window) on lobbying in the United States alone on issues ranging from antitrust to immigration.
One of the issues it cares about is privacy. But contrary to its recent brand messaging, Google isn’t lobbying to give you real ownership of your data. Instead, it uses lobbying as a cudgel against any law that threatens to make privacy the default.
Google published a framework(new window) for its legislative agenda on privacy, which offers points similar to its own privacy policy(new window). The company wants privacy laws to require transparency about what data companies collect and how they use it. They want consumers to be able to access, delete, and download their personal data. Google already offers these functionalities.
But a close reading makes it clear where Google draws the line on privacy:
- “Organizations must provide appropriate mechanisms for individual control, including the opportunity to object to data processing where feasible in the context of the service. This does not require a specific consent or toggle for every use of data; in many cases, the processing of personal information is necessary to simply operate a service. Similarly, requiring individuals to control every aspect of data processing can create a complex experience that diverts attention from the most important controls without corresponding benefits.” This is not privacy. If a company is using your data in ways that are too complicated for you to understand and consent to, then it should never have access to your data in the first place.
- “Organizations must operate with respect for individuals’ interests when they process personal information. They must also take responsibility for using data in a way that provides value to individuals and society and minimizes the risk of harm based on the use of personal information (i.e., data that can be linked to a person or personal device).” Here Google is saying companies themselves should get to decide what’s good for you and for society. In fact, they have had this responsibility for decades. Their failures prompted the current global proliferation of privacy laws.
Even this public-facing policy document is a carefully worded privacy-washing effort. It seems designed to portray Google as forward-thinking on personal data while rejecting the notion that people have the right to full consent when it comes to their data.
In the next sections we’ll show you several examples where Google has tried to undermine privacy at the highest levels of government.
Watered down privacy in the states
In 2018, California passed the United States’ first online privacy law(new window), giving residents the right to know what data big companies collect about them, to see how they use it, and to delete it upon request. The law took effect Jan. 1, 2020.
But before the law kicked in, interested parties tried to push for last-minute amendments. Google was among them, offering changes that would have exempted its business model from certain requirements.
The amendment reportedly sought to allow Google and other companies “to continue collecting user data for targeted advertising, and in some cases, the right to do so even if users opt out,” Bloomberg reported(new window) at the time.
The changes were not included among the finalized amendments as lawmakers seem to have declined Google’s overtures, according to an analysis(new window) from a leading law firm.
But California was just the first act. Since 2019, hundreds of lobbyists for Google and other Big Tech players have fanned out across the United States proactively advocating for deliberately weak state-level privacy laws, The Markup reported(new window). The show of force seems designed to preempt the demand for a federal privacy law with teeth.
“It’s been this coordinated national push to advance really weak privacy bills. We’ve definitely felt outnumbered,” an ACLU representative said.
The campaign against privacy in Europe
When it comes to privacy laws, the European Union is the world’s test laboratory. The General Data Protection Regulation was a model for new laws in other jurisdictions, from California to Brazil to India.
So it’s easy to see why Big Tech has spent so much money (about $30 million in 2021(new window)) lobbying European lawmakers to protect their most cherished surveillance practices. Google has been among the most aggressive.
Since the GDPR took effect in 2018, the European Parliament has sought to expand consumer protections through additional regulations — in particular the Digital Markets Act, Digital Services Act(new window), and ePrivacy Regulation(new window). Google has worked to water down or slow each of these. Lobbying against the Digital Markets Act was so intense that an EU diplomat complained(new window) their Twitter feed had been overwhelmed with targeted advertising promoting Google’s talking points.
The EU passed both the Digital Markets Act and the Digital Services Act. But ePrivacy, which would make it easier for people to reject tracking cookies(new window), is still in limbo. Google took credit for pumping the brakes on ePrivacy in an internal memo revealed as part of a lawsuit(new window). ��“We have been successful in slowing down and delaying the [ePrivacy Regulation] process and have been working behind the scenes hand in hand with the other companies,” the memo stated.
Perhaps the company’s biggest win was in the Digital Services Act. In 2020, a European Parliament committee recommended(new window) the European Commission “assess options for regulating targeted advertising, including a phase-out leading to a prohibition”.
Google and tech industry allies responded with a massive lobbying campaign, detailed in a Corporate Europe Observatory report(new window). They argued that a ban on targeted ads would have “far reaching and unintended consequences” on the world economy. It worked. Support for a ban on targeted ads waned. The final version of the Digital Services Act adds new transparency requirements but leaves Google’s cash crop intact.
The plan to become ungovernable
The United States and Europe aren’t the only countries taking aim at the surveillance economy in defense of their citizens. Google and other Big Tech companies want to prevent any disruptions to their business model. And they’ve identified a clever way to throw sand in the gears of any future regulations.
Big Tech companies, including Google and Apple, have sent trade advisers (i.e., lobbyists) to meet with diplomats negotiating the Indo-Pacific Economic Framework, a trade agreement involving 14 countries along the Pacific Ocean, including the United States, India, Japan, South Korea, Indonesia, and Australia.
Their strategy is to add a clause to the treaty that would make it more difficult for member countries to pass laws limiting their market dominance and allowing new privacy-focused business models to compete for customers. We explained how they are trying to do this(new window) in a previous article.
Taken together, Google’s lobbying activities reveal the company’s true intentions have nothing to do with protecting your privacy. Any claims otherwise are simply privacy washing.
Google won’t protect your privacy, but you can
What’s clear is that Google will never offer true privacy. The reason the company is so successful is because its targeted advertising product is extremely effective. It is based on knowing you intimately and showing you personalized ads at the moment you’re most receptive to them. This business model earned Google nearly $60 billion in profit in 2022.
Such large profit margins depend on collecting vast amounts of your personal data. Everything that restricts the flow of information about your activities and desires is a blow to Google’s interests and an obstacle to Google’s obligation to its shareholders. Privacy, therefore, will never be “at the heart of everything” Google does.
But regulations aren’t the only way to force privacy onto the internet. We as internet users have power through our choices. Google itself has created a simple way to restrict targeted advertising on its My Activity dashboard(new window). But even if you stop Google from saving your personal data for ads, it still has access through products like Gmail and Google Photos. Moreover, Google knows most people don’t change their defaults.
The best way to take back control of your online data is to use services that make privacy the default. One way to do that is learning how to deGoogle your life.
It’s your life, not Google’s: DeGoogle for $1.
Proton does this by automatically protecting your data with end-to-end encryption and zero-access encryption so that we never have access to it. And because our code is open source, anyone can verify this is true. With Easy Switch, you can move all your data away from Google and into your encrypted Proton Account. We have products to protect your emails, calendar events, files, internet traffic(new window), and passwords.
Proton offers these services for free, but you can upgrade for more storage and extra features. Our business model lets you pay with money instead of with intimate details about your life.
We believe the future of the internet is private. People must evaluate companies based on their actions, not just their marketing statements. Privacy washing is just one more obstacle to a better internet where privacy and freedom are the default.
