Late yesterday afternoon, September 3, 2009, Google finally issued a privacy policy for Google Books, both the current service and the extensive new book-related services they hope to have a federal court approve in October.

While there are some good things in the policy — many that EFF and its coalition partners the ACLU of Northern California and the Samuelson Clinic at Berkeley Law School have long been urging Google to do — it is still falls well short of the privacy protections that readers need, both substantively and in whether it will be permanent and readily enforceable by readers. Our coalition on behalf of authors and publishers seeking to protect reader privacy will still be filing an Objection to the Settlement in Court on Tuesday, September 8.

First, and most importantly, the privacy policy fails to address our core concerns about the standards for disclosure of reading habits to the government and private litigants.

What we asked Google to do was to insist that the most privacy-protective standards be met before disclosing someone's reading history. The position Google has taken instead is that it will follow the few state laws that plainly apply to it already — laws that would bind Google regardless of whether or not Google also wrote about them in its privacy policy. As for the readers living elsewhere, Google says that it will "continue its history of fighting for high standards to protect users," which is just an aspirational statement, not an enforceable commitment. Google needs to say "come back with a warrant" when law enforcement or civil litigants come knocking for their treasure trove of reader information. This policy does not.

Second, the privacy policy is procedurally insufficient to protect readers and authors who depend on reader privacy. While a privacy policy could be written to create enforceable promises, Google has issued a "website business as usual" privacy policy. Those policies can be changed at any time and may be unenforceable by readers whose privacy has been violated.

Given the important free expression interests at stake and the long history of protecting reader privacy by libraries and bookstores, readers need a durable guarantee of protection enforceable by a court. This is especially the case since Google needs court approval to create this massive new set of book services that include searching, browsing, lending, purchased access and even reading in the privacy of your own home.

Third, Google also failed to include many other items in the list of privacy demands we published in July, including that the policy:

  • fails to require Google to delete logging information about users within 30 days, or any other reasonably short period of time.
  • fails to ensure that readers will always be able to use anonymity services like the Tor network, proxy servers and anonymous VPN providers to access Google Book Search.
  • does not offer registered users who purchase texts any equivalent of a "hiding books under their bed" to protect against parents, family members or other local users who might scrutinize their reading (we suggested several ways that Google might implement a feature like this, and hope that Google will eventually do so)
  • fails to provide a robust, easy-to-read notice of and link to Google Book Search privacy provisions on the Google Book Search pages themselves, rather than tucked away in a privacy policy.
  • fails to address or in any way limit the use of watermarks to track users of Google Book Search.
  • fails to promise to annually publish online, in a conspicuous and easily accessible area of its website, the type and number of requests it receives for information about Google Book Search users from government entities or third parties.

While the Google Books Privacy Policy is not sufficient to protect reader privacy, it does contain some provisions that are good news for readers. For instance, it is welcome news that Google plans to ensure that credit card companies don't know what you read and give you the ability to delete books and hide your book purchases from prying eyes. Google says it will build in the "ability to limit the information available to credit card companies and enable you to delete or disassociate the titles of books purchased from your Google account." Google also does not plan to require sign-in to a Google Account for access to browsing and preview services, which will help protect the privacy of those looking for books.

We're pleased that Google is taking these good positions, among others, on issues we raised during our discussions with them over the summer. But to do right by readers — and the authors and publishers who stand with them for reader privacy — Google needs to do more.