I have some questions about Google’s reluctance to turn over user search data to the government. (For background on this story, see here.)
1. Why does Google gather this data to begin with? Wouldn’t the best way to protect user privacy be not to save this information in the first place? Why does Google need to know the identities of those who use the Google product?
2. Does Google release the information it collects to private third parties such as advertisers? If so, why the public-private distinction? Aren’t the same privacy interests implicated in both the private and public contexts? Why not ask the users themselves when they contract with search engines about the circumstances under which their data may be disclosed to third parties? In the early days of the Web, I published a paper, “Regulating Cyberactivity Disclosures: A Contractarian Approach,” 1996 University of Chicago Legal Forum 639, arguing that disclosure of a user’s “cyberactivities” to private third parties should be permitted as a default matter, so long as users have the affirmative right to opt for non-disclosure. Additional “public disclosure” language could easily be added to such opt out clauses.
3. If Google and other search engines such as Yahoo continue to collect user data, then shouldn’t there be a market opportunity for a search engine to break away from the pack and offer users the guarantee of privacy by simply not collecting user data to begin with? If this were to happen, it would be interesting to see which data collection procedure will end up becoming the norm. If enough users vote with their keystrokes in favor a “no collection” regime, one could imagine all the search engines feeling some pressure to adopt such a policy. But it’s equally plausible to think that many users will not care very much one way or the other, in which case users who are idiosyncratically private will have the “no collection” option but the majority of other users will stay with search engines that continue to collect search data.