Google still doesn't understand what privacy means

There was plenty to take away from Google I/O 2022, particularly if you’re excited by the prospect of more Google hardware to buy. But various keynote speakers also touched on an equally important but less exciting aspect of Google’s core business — privacy. Or more specifically, the lack thereof. Unfortunately, none of them really seemed to understand what proper privacy actually means.

As I’m sure you’re aware, Google’s primary business remains that of selling ads. Whether you’re using Search, watching YouTube, or browsing the Play Store, Google tracks what you’re up to and builds a personalized advertising profile it can use to target ads at you with maximum efficiency and, therefore, revenue. Obviously, no one really likes this practice, especially as it’s virtually impossible to truly control and audit the data collected on us, but we begrudgingly accept it as the price of “free” services.

See also: How to tell if someone is tracking your Android phone

At I/O 2022, Google unveiled its latest solution to appease the more privacy-conscious — the dystopianly named My Ad Center. In the not-too-distant future, Google users will have a swanky new UI and features they can navigate to customize their ad experience. Only “Big G” could think that anyone wants to waste precious minutes of their life managing which of the “brands you love” can track which bits of their data.

Now granted, My Ad Center should end up giving users more granular control over the topics and types of data they end up sharing with brands and ad companies. A welcome improvement, no doubt about that. Especially if it’s a move towards users volunteering data rather than the cookie-based profiling we’ve all been subjected to in the past. However, the controls users need must be easily accessible and not buried in layers of obfuscation.

The big test for My Ad Center will undoubtedly be whether it suffers the same infuriating pitfalls as other frustrating “privacy-conscious” initiatives like GDPR-mandated popups and app permissions more generally. Those are all busywork, moving the papers around, and annoying users with countless things to press without making much difference at all to the data collected or the ads they see. Ultimately, the onus shouldn’t be on the user to figure out how to opt in and out — data collectors should prioritize privacy and assume that users don’t want everything collected by default. Unfortunately, Google is yet to follow Apple’s move to make apps ask users for permission and make tracking opt-out by default.

To Google’s credit, it is showing tentative signs of moving away from its old blanket approach to a slightly more voluntary model of data collection. The company wants to drop third-party cookie-based web tracking, replacing it with its Topics API. Topics doesn’t share visit information across the web and doesn’t even need to know a user’s identity to show relevant ads. Nor does it mass-collect data either, instead, websites are assigned topics and relevant ads are created based on a small selection of the topics a user chooses to be associated with. It’s less intrusive, but websites can and likely will opt out.

Ultimately, the issue users have with the aggressive data harvesting practices of Google, Facebook, and others, isn’t that they can’t fine-tune their preferences — it’s the level of data collected in the first place. My Ad Center, combined with Topics, suggests that Google is starting to realize this, but only time will tell if this is just fiddling around the edges of the problem. After all, Google is still trying to find the right balance without upsetting its core business model.

In addition to My Ad Center, Google I/O spokespersons spent a lot of time talking about the importance of privacy and security across its services. And rightly so. Google has been responsible for numerous user data leaks in previous years. Notable events include a 2018 Google+ bug that exposed the data of 52.5 million users and almost 5 million Gmail passwords that leaked online in 2014. Not to mention the lawsuit over private browser tracking, 2019’s $170 million fine for breaching child data privacy involving YouTube Kids, getting caught out tracking locations without permission in 2018, or the slew of data harvesting Android apps recently pulled from the store. Google has a terrible track record when it comes to protecting and respecting the privacy of its users.

See also: These are the ten best privacy browsers around

The cynic in me still sees initiatives like My Ad Center, options to remove identifiable information from Search, and “protected computing” local processing, as a reaction to Google’s past indiscretions rather than a new leaf of altruism.

They are, of course, very welcome improvements that give users that bit more privacy and control over the data collected about them. Big G is moving in the right direction, albeit in tentative, small steps. However, Google doesn’t seem to have learned the most important lesson of the past decade — the only way to keep data private is not to collect it in the first place.

Despite signs of progress, my takeaway from I/O is that Google still doesn’t get privacy. Not really. The company likes to talk a big game about app permissions, scrambled data, and user toggles, but the bottom line is that it’s still a data harvesting machine. That’s Google’s business model, after all, and there will always be an internal struggle to balance data collection with revenue generation.

Also, don’t wait for My Ad Center. You can already opt out of targeted advertising here, when you’re logged into your Google account.