Google’s Promise to Delete Your Data Has a Major Loophole

Graphic: Google
Graphic: Google

Google’s push to become a privacy-positive company over the past year has been, depending on how you look at it, an act of genuine benevolence, a brilliant marketing decision, or straight-up bullshit. So when Google CEO Sundar Pichai announced the company’s latest moves in the privacy-protecting space on Twitter yesterday, the biggest surprise — at least to me — was the lack of scepticism I was seeing from other reporters in the privacy and policy spaces.

In short: The update, as described in Pichai’s initial tweet and in a blog post regarding the rollout, broadly changes the way the company retains user data — not only making it easier to delete data, but also changing the default settings for new Google accounts so that this data auto-deletes by default every 18 months. (Existing users will have to seek out these settings and turn them on, though Pichai writes that Google will send reminders to existing users about these features.)

“We believe that products should keep your information for only as long as it’s useful and helpful to you,” he explains in the blog. “We continue to challenge ourselves to do more with less, and today we’re changing our data retention practices to make auto-delete the default for our core activity settings.”

It’s an idea that sounds great, in theory — after all, as the recent round of protests starkly reminded us, you can never be too careful about what digital breadcrumbs you might be inadvertently scattering around the web. Getting a new set of data from Google can, in theory, be kind of like getting a new digital identity — and with every refresh, Google’s giving you the chance to leave all of the old trackers and targeting tech behind.

But if you dig a little deeper, it quickly becomes clear that that’s not how digital data works at all — and that just like every other Google-led ploy for privacy, this latest update is about market power and not much else.

First, let’s get the specs on the update out of the way. To quote Pichai’s blog post directly:

Starting today, the first time you turn on Location History — which is off by default — your auto-delete option will be set to 18 months by default. Web & App Activity auto-delete will also default to 18 months for new accounts. This means your activity data will be automatically and continuously deleted after 18 months, rather than kept until you choose to delete it. You can always turn these settings off or change your auto-delete option.

He goes on to say that if a user wants to strip their details more frequently, they can set up an auto-delete for every 3 months. The option to turn on auto-deletions like these aren’t new, per se — the company actually rolled out this option just over a year ago, to fanfare similar to what we’re seeing with this new update.

The thing is — at least in the context of digital ads — your data is, by design, impossible to retroactively delete. Here’s an example: A while back, I downloaded an app that I later found to be sharing my prescription data with a few third parties, including Google. That data came packaged with so-called “anonymous identifiers” like my phone’s unique ad ID — a chunk of software that Apple and Google bake into their respective hardware.

If I try to wipe any activity — say, my prescriptions — from the app using the tools Google provides here, that doesn’t wipe that same intel from those third parties: They still have the data they’ve already collected on any relevant past activity. In my case, my prescription information is out there — not connected to me by name, sure, but it’s close enough. Because an activity or history-wipe doesn’t also wipe those anonymous identifiers I mentioned before, the minute I log back into that app to order a refill on some medication, a third party can see that, even though my Google account might be “wiped clean,” I’m still the same consumer that I was before.

Put another way, this kind of third-party jig directly ties my old, sullied Google account to my new, clean one — not just in this particular app, but in every app I might open on my phone, or every site that I browse on my laptop. And when those two accounts are tied across more of my apps that I’m using, or more sites that I’m surfing, I’ll quickly end up back in the same targeted hell I was trying to escape by taking Google’s offer of a shiny new account.

Not only that, but because deleting activity from a Google account doesn’t do shit to change the name of your Google-owned email — and because our email addresses are still one of the core ways marketers track our behaviour online — any lists we were on or any “consumer segments” we might’ve been rolled into still have the same data they always have. The (somewhat) inescapable and insidious nature of this sort of ad-targeting tech is something that Google’s intimately familiar with — which is probably why (as I’d previously discovered) the company makes it damn near impossible to wipe your advertising ID from an Android device.

That said, there are some practical perks that come with an occasional Google account dump, but the perks aren’t for us — they’re for the hordes of advertisers the company has in its convoy. Pichai actually alludes to it in his post, when he writes about how “products should keep information only for as long as it’s useful”:

For example, we’re bringing this to YouTube, where auto-delete will be set to 36 months by default if you create a new account or turn on your YouTube History for the first time. This improves upon current industry practice and ensures that YouTube can continue to make relevant entertainment recommendations based on what you’ve watched or listened to in the past — like letting you know if your favourite series has released another season, or when your favourite artist drops a new album.

When we talk about “content” — on YouTube or otherwise — we’re talking about content that’s relevant to you, as a consumer. Because of my unhealthy obsession with cute cat videos, I get YouTube ads for cat food all the time. If you’re the type who binges on makeup tutorials, you might notice ads for makeup cropping up in your feed, again, all the time. Knowing the content that’s relevant to you isn’t just key for feeding the beast that is YouTube’s recommendation algorithm, but also for sustaining YouTube’s ad business.

Marketers don’t want to waste their money on irrelevant ads, so it’s in Google’s best interest to keep every user’s consumer profile as up-to-date as possible. Keeping things up to date would keep you from say, getting an ad for dog food after your sweet pupper passes away. It’d keep you from getting ads for RuPaul’s Drag Race after you discover that he’s cancelled and swear to never watch any of his content ever again. Wiping down your account yourself helps, and having your account wiped for you every few months is even better.

Right now, Google needs all the good graces it can get in the marketing community. This year, some analysts estimate that Google’s share of the digital ad market will tumble for the first time in the company’s history — not by much, but enough for the company to be concerned. When ad dollars drop, so do the dollars from investors. Both of these groups might be somewhat swayed back with the promise of audiences that are newer, fresher, and more relevant than ever.

And of course, announcements like these tend to get Google into the good graces of the rest of us as well. The question there is how long it’ll take for the public — and the press — to stop taking that bait.