Beruflich Dokumente
Kultur Dokumente
1. In terms of Google's search results, what are the differences between
personalization, contextualization, customization, and localization?
Google Search responds to trillions of user queries from around the world every year, driven
by our company mission to organize the world’s information and make it universally accessible
and useful. We have found that the query itself—not any data about the user—is by far the
most powerful signal to identify the most relevant and useful results. Thus, we only
personalize results when there is a clear benefit to the user, such as helping them continue
research they’ve begun or answering queries like, “where to donate clothes.” While we don’t
refer to Search in terms of “contextualization” and “customization,” we do draw distinctions
among a few forms of ranking signals:
● Personalization signals relate to information about the particular user, such as their
interests and past Search history.
● Session signals identify preceding activity in the user’s session to understand the
context of their new query. For example, a user searching for “soccer” followed by a
search for “Barcelona” may be more likely to get the Barcelona soccer team as a result
for their second search. How long a session lasts depends on user behavior (e.g., how
long users keep their browser windows open or how long users are signed in).
● Location helps us understand the context of the user’s query to give them more
relevant results. For example, a user searching for “Giants” in New York City may be
more likely to get search results for the New York Giants rather than the San Francisco
Giants.
● Lastly, users can alter their S
earch settings, such as language, and in some cases,
those settings may change the results they see.
We are an industry leader when it comes to choice, transparency, and control for users. We
remain committed to ensuring our users understand how Search works and that they can
control what Search activity we use to improve their Search experience. That includes
adjusting what data is saved to their Google Account (available at
https://myaccount.google.com), and our recently launched “Your Data in Search,” a control
panel that enables users to browse and delete their Search activity directly for the past hour,
or even entirely, without navigating away from what they’re doing. You can find more on how
Search works and what data powers your Search results at
https://www.google.com/search/howsearchworks/ and
https://myactivity.google.com/privacyadvisor/search.
2. How are contextualized or localized search results (such as showing a
different set of links per Congressional district) different from "redlining" consumer
classifications?
Our business model and company mission depend on us being a useful and trustworthy
source of information for everyone. Redlining—which generally refers to identifying a class of
consumers with whom a business determines not to transact, including by placing limitations
on geographic areas that can correspond with income, race, or other factors—is at odds with
our mission and business model. We do not engage in redlining, nor do we believe that the
signals we use to ensure we provide the most relevant results to our users have the same
effect. We only personalize results when there is a clear benefit to our users, such as helping
them continue research they’ve begun or answering queries like, “where to donate clothes.”
And we use location so that our users can get the exact answer to their question. For
example, when they ask Google for today’s weather, they most likely want the weather in their
area. Providing locally relevant results is one way we meet our commitment to our users.
3. When Google localizes search results, it inserts locally specific results like
restaurants. Do you also change around the general, non-local results based on location
(such as showing a general, non-local Wikipedia article higher in the rankings for some
communities than others)?
In some cases, a user’s location context can be hugely important to the quality of their results.
For instance, a user in Virginia searching for “property tax” likely would find a different set of
pages useful than would a user in California running the same search. Of course, not all
queries are particularly location-sensitive, and Google takes account of that as well. We have
found that the query itself—not any data about the user—is by far the most powerful signal to
identify the most relevant and useful Search results.
4. How can consumers get an unfiltered search experience on Google that
does not change the search results based on any personalized or contextualized
information? For example, if two voters searched at the same time, besides links only
relevant to their location (e.g., restaurants), how could they ensure they would see the
same search results?
Users searching on Google generate data such as the terms they search for, the location of
the device they search from, and the links they interact with. Google’s MyAccount tool
(available at h
ttps://myaccount.google.com) lets users control the data that is saved to their
Google Account. Also, our recently launched “Your Data in Search,” enables users to browse
and delete their Search activity directly for the past hour, or even entirely, without navigating
away from what they’re doing. But even then, two users running an identical search may see
different results. Their queries may be handled by different data centers even if they are in
the same location, to spread out the load. And while we try to keep our data centers closely in
sync, the constant rolling updates that we make to both our Search algorithm and Search
index may reach those data centers at different times. Moreover, whether users conduct a
search on a desktop or mobile device may also impact search results. Pages that are more
desktop-friendly will be more likely to surface when a user is searching on a desktop, while
pages that are more mobile-friendly will be more likely to surface when a user is searching on
their phone. Again, we have found that the query itself is by far the most powerful signal to
identify the most relevant and useful results.
5. In Incognito mode and signed out of Google, if a consumer does a search
on Google, is that search saved with any kind of unique identifier such that it may be
associated with other personal data such as other searches?
When a user conducts a search on Google in Chrome Incognito and signed-out modes, we set
a cookie to correlate searches conducted in the same Incognito window during the same
browsing session. This session signal allows us to use the preceding activity in the user’s
session to understand the context of their new query. For example, a user searching for
“soccer” followed by a search for “Barcelona” may be more likely to get the Barcelona soccer
team as a result for their second search. How long a session lasts depends on user behavior
(e.g., how long users keep their Incognito browser windows open). However, information
from Incognito and signed-out searches will not be associated with a user’s s igned-in user
data to influence the user’s search results. Finally, users can stop the use of the session
signals on Chrome altogether by going to their Privacy & Security settings to turn off the
setting that reads, “Allow sites to save and read cookie data.”
6. In Incognito mode and signed out of Google, if a consumer does a search
on Google, what are all the signals that are used to "contextualize" that search? Are any
of these signals based on a data profile tied to any kind of unique identifier that may be
associated with the device used for the search?
As described above, if a user is in Incognito Mode and signed out of Google, Google will not
tie the Search rankings to any signed-in user data. We will, however, use certain factors not
tied to the user’s identity, such as the browser type, language, time of search, location (or an
estimation of location), and prior browser session searches, to improve Search ranking
relevance for the user’s query. More information on how Search works and what data powers
users’ Search results is available at https://www.google.com/search/howsearchworks/. And,
users can control their settings by going to
https://myactivity.google.com/privacyadvisor/search.
7. Google operates a suite of services (e.g., Google Docs, Gmail) in addition
to Google search that collect personal information on Americans, whether they use
Google search regularly or not, or are signed in to Google or not. When a consumer
comes to Google, in Incognito mode and signed out of Google, is any information from
other sources (online or offline, such as ad views, clicks, browsing history, purchase
history, location history, etc.) used to contextualize his search results? What if the
consumer is signed out but in regular (non-Incognito) mode? And finally, what if the
consumer is both signed in to Google and in regular (non-Incognito) mode?
As described above, if a user is in Incognito Mode and signed out of Google, Google will not
tie the Search rankings to any of their signed-in user data. If a user is signed out but in
non-Incognito Mode, Google likewise will not tie the Search rankings to signed-in user data,
but may use prior searches tied to the user’s same browser cookie to improve their Search
results. If a user is signed in, Google will honor the Google Account settings that the user has
selected when showing them Search results. Users can check and control those settings with
Google’s Privacy Check-Up (available at https://myaccount.google.com/privacycheckup).
8. At what distance between two devices would Google search results likely
change based on location (e.g., 0.01 miles, 0.1 miles, 1 mile)? That is, would Google
search results likely change based on location because people live in the house next
door, the next city block, the next zip code, the Congressional district, next city, or the
next state?
This depends on the user’s search query. For example, a user searching for “restaurants near
me,” who provides Google with a highly accurate location, such as a reading from the GPS on
their phone, is likely to get different results as they move from one city block to another. But
for less location-sensitive queries, such as “where is the nearest DMV,” the user’s results
would likely not change across small distances.
9. Google has characterized the DuckDuckGo study as methodologically
unsound; if Google were to conduct this study, list all the methodological ways you
would improve it so that you would not consider it flawed.
We continue to believe that the DuckDuckGo research is flawed for a number of reasons,
including:
● Size: The study involved fewer than 90 users, while we use thousands of search raters
from all over the world to test our Search results.
● Incorrect Assumptions: The study is based on incorrect assumptions—namely that
any difference in search results is related to personalization derived from previous
searches. Instead, differences in search results are attributable to many factors
outside of Search personalization that the DuckDuckGo study fails to consider,
including, timing of the query, whether the search is on mobile or desktop, and
localization of results for queries such as “restaurants near me.”
● Ill-defined Conclusions: The study used an idiosyncratic and ill-defined definition of
the term “filter bubble.” It treated any variance between Search results as the result of
what it defined as a “filter bubble.” In contrast, we understand through our own testing
that various factors can impact Search results, including, the location of the user, the
datacenter processing the request, the experiment, and so on. The German
organization, A lgorithm Watch, confirmed this in an investigation they conducted,
which used a more carefully scoped definition. They came to the conclusion that
Google Search results were less personalized than the study designers had expected,
and that the primary differences emerged from user location. The A lgorithm Watch
study is available at
https://algorithmwatch.org/de/bei-der-google-Suche-Personalisierung-
geringer-als-gedacht-hauptsaechlich-regionale-effekte/.
10. Your official responses to the DuckDuckGo study seem to deny that
Google uses personal data to influence search results in Incognito mode and when
signed out of Google. If false, would this constitute a violation of your Consent Order
with the Federal Trade Commission?
When a user is signed out of Google (whether using Incognito Mode or not), we do not use
account information (profile information stored with a user’s account) to influence Search
results. The trust of our users is of utmost importance to us. We continue to comply with the
terms of our Federal Trade Commission Consent Order.
11. What does Google do to search results, if anything, to respect Do Not
Track headers sent by some consumers' browsers?
Do Not Track requests may not affect Google’s collection of information because Google, like
most websites and web services, collects and uses browsing data to improve security, as well
as to provide content, services, ads, recommendations on its websites, and to generate
reporting statistics. We provide users with tools to manage Google's collection of information
about their search or browsing history through Google’s Web and App Activity tool (available
at https://myaccount.google.com/activitycontrols/search?pli=1).
12. According to Google's calculations, what is your share of the general
search engine market in the United States on desktop? According to Google's
calculations, what is your share of the general search engine market in the United States
on mobile devices? Who does Google consider to be its competitors in the general
search engine market in the United States?
We work in a highly competitive environment. “General” search engines are just one part of
the vast array of competitors we face. The term does not describe the many ways that users
search for information on the Internet. Some search engines, such as Google, are “general,” in
the sense that they try to provide a relevant answer no matter what the user is seeking. Other
sites, often called “vertical,” or specialized search engines, assume that the user is looking for
a particular kind of information and provide only that kind of result. For any given category of
query, we compete against a wide range of companies that goes well beyond other “general”
search engines like Bing and Yahoo!.
Amazon, for instance, provides search results for users looking for products. 55% of
consumers start their product searches on Amazon and it is a robust competitor. See Greg
Sterling, R
eport: Amazon Grows Lead as Product Search Engine of Choice, Search Engine
Land (Sept. 28, 2016), available at http://searchengineland.com/report-amazon-grows-
lead-product-search-engine-choice-259985 (showing that in September 2016, 55% of users
began their shopping tasks at Amazon, compared with just 28% for all search engines
combined). Similarly, Expedia provides search results for users searching for flights, hotels,
and car rentals. We also compete with social networks, mobile apps, and direct navigation to
websites—and new forms of accessing information are being developed every day. Insofar as
we have a need for market share information, we typically consult third-party sources such as
Comscore.
13. What percentage of queries on Google in the United States are conducted
by people logged into Google?
14. What percentage of queries on Google in the United States for people
logged into Google are personalized or contextualized in some way (including changing
general, non-local links based on location)?
15. What percentage of queries on Google in the United States for people
logged out of Google are personalized or contextualized in some way (including
changing general, non-local links based on location)?
Because the answer to these questions is related, we’ve grouped together our response to
questions 13 through 15.
Google Search responds to trillions of user queries from around the world every year, driven
by our company mission to organize the world’s information and make it universally accessible
and useful. Of the trillions of searches Google responds to every year, more than 50%
happen on mobile. Furthermore, more than 50% of our searches come from outside the
United States. And every day, 15% of the queries we process are ones we’ve never seen
before.
In determining what results to show in response to a user query, we may use factors such as
the browser type, language, time of search, location, and prior session searches. And when
users use Search, they generate data—like the terms they search for, the location of the
device they search from, and the links they interact with. Google’s MyAccount (available at
https://myaccount.google.com) lets users control the data that is saved to their Google
Account.
The Data and Personalization section of MyAccount (available at
https://myaccount.google.com/data-and-personalization) allows users to turn on or off
features like Web & App Activity, and to opt in or out of ads personalization. In addition, the
Privacy Checkup tool (available at https://myaccount.google.com/privacycheckup) makes it
easy for users to review and change their privacy settings. These tools enable users to make
informed decisions about their data.
And our recently launched “Your Data in Search” enables users to browse and delete their
Search activity directly for the past hour, or even entirely, without navigating away from what
they’re doing.
Depending on the search query, some results pages may change rapidly, while others are
more stable. For example, when a user searches for the latest score of a sports game, we
have to perform up-to-the-second updates. But results about a historical figure may remain
static for years at a time. These metrics remain fluid, however, and we have limited public
metrics. That said, to the extent we require market share information, we typically consult
third-party sources like Comscore.
16. Suppose that all individuals (from within the boundaries of the continental
United States) searched for "gun control," "immigration," or "vaccinations," everyone
searching one query at a time simultaneously -' logged out of Google and in "Incognito
mode." Separately answer each question below vis-a-vis each search term in each mode
(i.e., three responses for question). We understand that search results can vary by time,
so please list the time you use for this hypothetical:
a. How many variations of the organic links (colloquially known as the
"ten blue links") would Google show in aggregate, including differences in the
ordering of those links? For each link shown, what is the frequency of its
placement ( e.g., https://en.wikipedia.org/wiki/Gun _ control shown as link 1 50%
of the time, link 2 40% of the time, not all 1 % of the time, etc.). For each zip code
in the U.S., provide a list of the top three orderings and their frequency of
occurrence.
b. How many variations of the news infobox (also known as "Top
Stories") would Google show in aggregate, including differences in the ordering
of those links? For each link shown, what is the frequency of its placement ( e.g.,
nytimes shown 50% as link# 1, 40% as link #2, 10% not shown at all). For each zip
code in the U.S., provide a list of the top three orderings and their frequency.
c. How many different placements of the news infobox would Google
show within the search results page, and what is the frequency of those
placements (e.g., 20% of the time the news is shown above link 1, 50% above link
2, 10% not shown at all, etc.)?
d. How many variations of the videos infobox would Google show,
including differences in the ordering of those links? For each link shown, what is
the frequency of its placement (e.g., CNN video shown 50% as link #1, 40% as link
#2, 10% not shown at all). For each zip code in the U.S., provide a list of the top
three orderings and their frequency.
e. How many different placements of the videos infobox would
Google show within the search results page, and what is the frequency of those
placements (e.g., 20% of the time videos are shown above link I, 50% above link 2,
10% not shown at all, etc.)?
f. Of all the clicks just coming from the organic links on the Google
search results page, what percentage come from clicking on the first link, the
second link, and so forth?
g. Of all the clicks just coming from the news infobox on the Google
search results page, what percentage come from clicking on the first link, the
second link, and so forth?
h. Of all the clicks just coming from the videos infobox on the Google
search results page, what percentage come from clicking on the first link, the
second link, and so forth?
We work hard to provide our users with a useful and trustworthy source of information and to
ensure the most relevant results are surfaced on Search. The kind of query spike described
here would have hard-to-predict consequences for our ranking, and we are therefore unable
to provide a reliable response to this hypothetical or its subquestions. Google’s Search
ranking is based on over 200 factors, which interact in complex ways. As a practical matter,
Google would not be able to process 300 million queries simultaneously, and each search
query that is processed would have the potential to impact later queries. For instance, Google
uses caches to speed up responses to fast-spiking queries by not having to completely
re-process the user’s query. The answers to these questions would also depend on the
distribution and timing of these requests across our data centers. With that said, we
continuously work on ensuring that the most relevant results are surfaced. We are
transparent about our ranking, including with rigorous testing of the relevance of our
results—we ran over 270,000 tests and updates last year alone, resulting in 2,400
improvements—and with public guidelines describing how we assess top results.
17. Suppose a person searches for "pediatricians washington dc" on Google.
The "answer box" provided a Google map with three pinned doctors' offices, three
linked doctors' offices, and at the bottom of the answer box is a "More places" button.
Below the answer box are a number of blue links to, among other things, Yelp.com,
Zocdoc.com, Vitals.com, Healthgrades.com, doctor.webmd.com and specific
pediatricians' offices. The three linked doctors' offices in the answer box only have
ratings from Google reviews. After clicking on the "More places" button, one is taken to
a more comprehensive map and a list of 22 pediatricians' offices. Those offices have
either no reviews or only Google reviews.
a. Does Google's answer box always provide the user the best results,
in this case results for pediatricians?
Our business model and company mission depend on us being a useful and trustworthy
source of information for everyone. The question refers to results that reflect an important
innovation Google introduced in 2007 called “Universal Search.” Universal Search results
integrate information from a variety of specialized formats—such as news articles, images,
videos, products, local places, and more—so that users no longer have to conduct multiple
searches based on different information types. Instead, we compile the information and
make it accessible to users entering a single search.
The “answer box” the question references is a type of Universal Search result that we call the
“Local Universal.” The Local Universal draws results from an index of places, and our local
Search algorithms use the information about each place to better identify the places most
relevant to the user’s query. Like other Universal Search results, the Local Universal is
positioned on the Search results page according to its relevance to the user’s query. For
example, when a user searches for “Washington DC pediatricians” they could be seeking
many different kinds of information, such as pediatrician practices, reviews, phone numbers,
or the closest office.
Different services will have different versions of what is the "best" answer. Our local results
surface entities that we think are the most relevant to the user’s query based on their location,
the time the query is made, and other contextual cues. To do that, we developed our own local
index with structured information reflecting the nature of local businesses—including the type
of place/business, opening hours, precise geographical location, phone number, reviews,
ratings, and website. Google’s specialized local Search results make that information easily
accessible. Providing these results is one way we meet our commitment to our users, and
we’ll continue to work hard to improve our Search results.
b. Why doesn't Google's answer box, or the results reached after
clicking the "More places" button in the answer box, contain any information
powered by Yelp.com, Zocdoc.com, Vitals.com, Healthgrades.com, or
doctor.webmd.com?
Google’s answer box, or “Local Universal,” uses local search algorithms that draw results
from an index of places, not an index of websites (many of the small businesses that
appear in Google’s local search results do not even have a website). If, within the answer
box or Local Universal, you click on “More Places,” and select, for example, a restaurant
near you, that result might contain reservation links from OpenTable, delivery links, and
third-party reviews listed in “Critic reviews.” For example, if a user enters the query “hot
dogs DC” and clicks on the result for Ben’s Chili Bowl, the result contains order links from
five different sites and third-party Critic reviews.
Third-party links are also included when users search directly for a place. For example, a
search for a specific pediatrician in Washington DC returns reviews from Vitals.com,
Webmd, and Healthgrades. And a search for the DC seafood restaurant “Oceanaire”
includes OpenTable, Foursquare, Facebook user reviews, and Zagat critic reviews.
d. Can better content exist outside of the answer box or the page that
follows after clicking the "More places" button?
As discussed in answers (a) and (c), users may find what they are looking for in many places on
Google Search, including the answer box, by clicking the "more places" button, or by refining
their search.
e. How many local searches were conducted for the last five calendar
years?
As discussed in answers (a) and (c), our specialized local Search algorithms attempt to
determine results that are most likely to be relevant to the user’s query, and numerous
variables factor into this process. We do not, however, have a standard definition for what
searches are considered local searches, nor are we aware of any generally accepted
definitions that can be easily applied across user searches.
f. Does Google prioritize its own content over other content when
users search for local goods and services?
Providing our users with the most accurate and useful information in response to their query
is a business imperative. That is why we rank our Search results based on their relevance to
the user query. Promotion of our own content when it is not relevant to the user query would
disrupt and interfere with users’ expectations, who may ultimately go elsewhere. Users can
easily compare Google’s results with the results they get from other websites. If users believe
that Amazon offers better information about products, or that Yelp offers better information
about local places, they can go to our competitor with just one click or by using a mobile app.
It is not in Google’s interest to make it more difficult for users to get the information that they
want. That is why our business model and mission is to provide our users with the most
accurate and useful information.
In 2015, Twitter confirmed that it had a partnership with Google to grant access
to its "firehose" data in exchange for its tweets showing up prominently in search
results.
a) Is this partnership ongoing?
b) What precise data does Google receive from Twitter?
c) Does Google have similar partnerships with other social media
companies?
https://techcrunch.com/2
015/02/05/twitter-confirms-new-google-firehose-deal-to-distribute-traffic-to-logged
-out-users/
Our company mission is to organize the world’s information and make it universally accessible
and useful. Google currently has a partnership with Twitter whereby Twitter makes Tweets
available to Google. This allows our users to have access to content from Twitter in nearly real
time, which we believe makes our results more useful. Nothing about the deal impacts
whether or not tweets will surface in response to a specific query. We are always looking to
give our users the most useful and accurate information available, but do not currently have
agreements like the one with Twitter with other companies.
According to Google's Transparency reports, its removed 10 items at the request
of the Iranian government since 2013. Could you please list each pieces of content that
was removed and the reason for doing so.
Google receives content removal requests from many governments around the world every
year and reviews the content for potential product policy violations. Our Transparency Report
(available at h
ttps://transparencyreport.google.com/government-removals/overview), s hows
a total of 3 requests from Iran and removal of a total of 10 individual pieces of content across
Google products and services. We received these requests in 2012 and 2016 about two
Blogger blog posts and eight YouTube videos, all of which we reviewed against each product’s
global policies.
Upon review, we removed the two Blogger blog posts flagged in 2016, which violated our
Blogger Content Policy (available at h ttps://www.blogger.com/content.g). The blog posts
were about the Iranian Cyber Police and cited “defamation/libel” as the reason for the removal
request. You can find more detail about the Blogger request on the Lumen database
(available at h ttps://lumendatabase.org/notices/12868094).
The other two requests covered eight YouTube videos, which we did not remove because
they did not violate our policies:
● In 2012, four YouTube videos containing clips of the movie “Innocence of Muslims”
were reported for religious offense. We found no violation of the YouTube Community
Guidelines, and did not remove the videos. (You can read more about this request on
the Iran country page of the Google Transparency Report located here:
https://transparencyreport.google.com/government-removals/by-country/IR?country_
request_explore=period:Y2012H2;authority:IR&lu=country_request_explore.)
● In 2016, four YouTube videos were reported on behalf of an Iranian actress for
bullying/harassment. The videos showed two women dancing at a party. The
government claimed that the videos were causing distress to the actress and her
family. Upon review, we found no violation of the YouTube Community Guidelines, and
did not remove the videos.
You can read our YouTube Community Guidelines at h ttps://www.youtube.com/yt/about
/policies/#community-guidelines.
Google's transparency report lists third party organization, which the company
funds.
a) Jonah Goldberg recently disclosed that the National Review
Institute received funds from Google, but the Institute is not listed on the report.
Why?
Google has a long history of supporting organizations on all sides of the political spectrum.
Google was among several corporate sponsors of the National Review Institute’s William F.
Buckley Prize dinner in 2018, which is scheduled to be reported in our upcoming transparency
report (available at h ttps://www.google.com/publicpolicy/transparency.html).
b) Does the disclosure include organizations which receive funding
from Google's lobbyists, public affairs consultants, trade associations or other
intermediaries?
Google’s Public Policy Transparency Report, (available at h ttps://www.google.com
/publicpolicy/transparency.html), makes quarterly disclosures regarding our federal lobbying,
as well as organizations and trade associations to which we provide direct financial support.
Our political transparency standards are industry-leading and have earned Google a
“Trendsetter” 95.7% score in the CPA-Zicklin political accountability index
(https://politicalaccountability.net/index).
c) If not, please list all organizations which have received funding
from intermediaries, which Google then fully or partially reimbursed.
http://google.com/publicpolicy/transparency.html
https://www.nationalreview.com/2018/12/emerald-robinsons-lies-google-cash/
As stated above, our transparency report discloses federal lobbying as well as other
organizations and trade associations to which we provide direct financial support.
QFRs from Representative Lamar Smith
"Your company has long supported net neutrality obligations for ISPs. That's a
good idea. Shouldn't analogous safeguards be applied to Google? What's wrong with a
non-discrimination obligation regarding search results?"
Broadband networks and Internet applications have different roles, and consumers and
businesses use them for different purposes. For their part, networks are gatekeepers for the
entire online experience. General access to the Internet is what ISPs promise and what
consumers pay for.
In contrast, the role of internet applications and websites is very different to that of
broadband networks. With Internet applications, consumers move easily between various
online applications and services, each of which identifies and organizes information to make it
more relevant and useful for the particular user. The usefulness of these sites—including
Google Search—depends on their ability to return differentiated results that respond to the
specific user’s preferences. Ranking higher quality, more relevant sites over lower quality, less
relevant sites is what makes Search results useful. And unlike network traffic neutrality, there
is no objective technical criteria or agreement on what "neutral" search results would look like
(or what is most relevant to a users' query).
We will continue to compete vigorously to provide our users with the most accurate and
useful information, with the knowledge that a different website or application is only one click
away.
"Google's search ranking algorithms may well simply reflect this already-existing
media bias. Would you consider changing Google's algorithms to counter the effects of
the ideological bias already inherent in the news media industry?"
Our business model depends on us being a useful and trustworthy source of information. We
design products that are for everyone and enforce our policies in a politically neutral way.
Although we receive criticism at times for our results—from both sides of the aisle as well as
globally—we are committed to providing the most relevant results to our users. For example,
in 2017 alone, we ran over 270,000 experiments, with external evaluators located in more than
40 countries and in nearly every one of the 50 US states, resulting in more than 2,400
improvements to Search.
But we take seriously the concerns we hear, and we believe in the value of information. That is
why we help our users understand whether they are reading a news report or an opinion
piece—with "opinion" tags in Google News and on "News Mode" in Google Search, and
dedicated "opinion" boxes in the Google News App—and it’s also why our Search rater
guidelines direct our raters to higher-rank news sources that have published established
editorial policies and robust review processes. We will continue to work closely with the news
industry to address this and to ensure the reliability of online news.
QFRs from Representative Tom Marino
In 2016 it was reported that Google generates about 5.5 billion search engine result
pages daily.
1) What is the average number of search engine results per day for the last
ten calendar years 2008-2018?
While we do not have more detailed public metrics, we can confirm that every year, there are
trillions of searches on Google. Over the past 20 years, Google has helped to bring more of
the world’s information online and make it accessible with Search, images, videos, local
information, and more. We’ve come a long way since the early days of Google, but we never
think of search as a solved problem. People have greater expectations for Search today than
they did 20 years ago, and we welcome that. It pushes us to imagine what we can do next,
and how we can better connect people with information about the world around them.
2) What percentage of those search engine result pages resulted in the user:
a. Terminating their search because they were satisfied by the
answer?
b. Clicking on a link which led to the user a webpage not hosted on
Google.com?
c. Clicking on a link which led to the user being sent to a secondary
page on Google.com, any of Google's top-level domains, or generating another
search engine result on Google?
Google doesn’t necessarily know why users terminate a search. Some users may be
dissatisfied by the answer. Others may have found what they needed (e.g., a user who
searched for weather may be satisfied by the information provided at the top of the search
result), and some may have realized that a different search query is more likely to help them
find the result they are looking for. Whatever the reason, we understand that providing users
with the most useful and accurate information is the reason they'll come back to use our
search engine again. We will continue to work hard to fulfill our mission.
QFRs from Representative Doug Collins
In response to a question I asked about whether and how you minimize data, you
stated that a user of Google's Gmail service needs Google to store email messages and
that Google stores data to give users the experience they want. You also stated that
Google gets most of its data for advertising from search keywords.
a. Please explain your data minimization policy.
While we believe that the collection and use of personal information can create beneficial and
innovative services, we also believe that reasonable limitations should be placed on the
manner and means of collecting, using, and disclosing that information. We want to ensure
that data processing occurs in a manner that is compatible with individuals’ interests and
social benefits, and minimizes the risk of harm to users. We describe our framework for
responsible data protection at h ttps://services.google.com/fh/files/blogs/google_framework_
responsible_data_protection_regulation.pdf.
b. Please detail in particular how this policy affects both your
collection and your retention of data, regardless of the choice of settings made
by the user about either collection or retention.
At Google, we design our products to collect and use data commensurate with their purpose
and to keep that data no longer than necessary. These principles are reflected in all of our
products. For example, most of our logs are only kept for a period of days or weeks, and all
our logs are subject to data deletion and anonymization policies. By way of further example,
we do not use Gmail information for the purpose of selecting and serving ads to our users,
and many of our products process data “on device” such that we do not store that data on our
servers at all. Maintaining user trust is extremely important to us. We will continue to work
hard to ensure that we only collect and use data required to provide our users with the
services that they want.
c. How long is data kept for?
We design our products to ensure that data is stored for no longer than necessary. Our
published data retention periods are available at h ttps://policies.google.com/technologies/
retention.
2. What is the difference between anonymous and pseudonymous data? Of
the user data you collect, what types are anonymous? What types are pseudonymous?
Can users delete or "takeout" anonymous or pseudonymous data? Does Google link
pseudonymous data to unique device identifiers, such as serial numbers or IMEIs?
We design our products to collect and use data commensurate with their purpose and to keep
that data for no longer than necessary. We also give users choice and control regarding
whether they sign in and personalize their services or not. We anonymize data—meaning user
data that has been transformed into anonymous information because it is not reasonably
likely that anyone with access to the data can identify or re-identify users, either directly or
indirectly, from the data—when appropriate given the service. Some examples of Google
uses of anonymous data are Google Trends (https://trends.google.com) and Autocomplete
(https://support.google.com/websearch/answer/106230). When that’s not feasible given the
service, we use pseudonymous data—meaning it is not directly associated with an individual
or it can only be attributed to an individual in conjunction with additional information. Some
examples of pseudonymous information would be data associated with a cookie or device ID.
Google offers products that users can sign in to with their Google Account identification
(often a Gmail email address or phone number) and authentication credentials (password).
When users are signed in, they enjoy the benefit of accessing and controlling information in
their account. For example, one feature of Google Accounts is a control named “Download
Your Data” (formerly known as “Takeout”), which enables signed-in users to download or
export their data from the Google products they use. Because we support user choice, we
believe it’s important to give users the freedom to port their data to competing services if
they so choose. Download Your Data is available to users who sign in to their Google Account.
Users who are not signed in have other ways to control the data we collect about their use of
our services and devices—for example, by clearing browsing data or cookie data. Finally, and
as described above, we believe that reasonable limitations should be placed on the manner
and means of collecting, using, and disclosing information. And we work hard to ensure that
data processing occurs in a manner that is compatible with individuals’ interests and social
benefits, and minimizes the risk of harm to the user.
3. Does Google get metadata from Android App usage? What is an
Application Programing Interface (API)? What percentage of apps in the Google
PlayStore use Google APls? When an Android application uses Google APis, such as the
Google Location API, does Google ever collect or store those locations as well? Are
these locations saved to the user's Location History or anonymized and saved for other
uses?
An Application Programming Interface (“API”) is code that allows developers to operate
pre-written libraries of code used to perform particular tasks. This allows, for example, apps
to use central infrastructure to request access to information, rather than forcing developers
to develop their own ways to obtain and process information. APIs are commonly used across
web and mobile platforms. Google provides platform APIs on Android (see, for example,
https://developer.android.com/reference/packages) to ensure developers are able to build
apps that work on the Android operating system, as well as APIs relating to other Google
products and services. We do not have readily available the number or percentage of apps
calling Google APIs over time.
In terms of “metadata” from non-Google apps on Android, we may obtain basic information
via Google Play when users download apps, such as the app name and when it was
downloaded. Google may also obtain information about apps from Android users who
choose to enable Android “Usage & Diagnostics” or the Google Account setting for “additional
Web & App Activity.” This helps us, for example, manage the Play platform, tell users which of
their apps are consuming the most space on their devices, and tailor our services for users
who have chosen to share their additional Web & App Activity with us.
When an app on Android uses a Google API—such as the Google Places API to help search for
places (https://cloud.google.com/maps-platform/places/)—Google receives the data for the
purpose of formulating a response, and keeps the information short term to, for example,
troubleshoot bugs or developer issues or investigate abuse and scraping. Additionally, when
non-Google apps use Android’s location APIs, and the user grants permission, the information
also goes to the non-Google developer pursuant to its own user privacy policies and
functionality.
Google’s Location History feature is a distinct Google product that users must opt in to turn
on and use. For users who have enabled Location History for their Google Account, and have
their device reporting to Location History (users can block any device from reporting to
Location History), the device sends location data back to Google to store in Location History.
Google Location History is not designed to collect or store location information from any
non-Google apps. We are always working to provide users greater choice, transparency, and
control, and will continue to do that.
QFRs from Representative John Ratcliffe
1. Australia recently passed legislation that allows law enforcement to
access encrypted messages, billed as an important tool for law enforcement in the fight
against terrorism and as essential for national security. Encryption makes the jobs of
law enforcement more difficult. However, deliberately building more security
vulnerabilities into devices and software, especially when they can be utilized by
nefarious actors, is not in anyone’s best interest.
a. As you stated in your written testimony, protecting the privacy and
security of our users has long been an essential part of Google's mission. In your
opinion, is there a solution that both supports Google's mission and addresses
law enforcement challenges in the digital age?
The public’s privacy and security when using Google services need not conflict with the role
of governments in enforcing the law. Ensuring that our users’ data is secure is a primary goal
across Google products. Encryption helps reduce the likelihood of identity theft, fraud, and
other harm when criminals steal devices or attempt to hijack online accounts. Law
enforcement often use non-encrypted sources and tools to aid in their investigations. The
Berkman Center at Harvard released a thoughtful r eport in 2016 that puts the encryption
debate in helpful context (https://cyber.harvard.edu/pubrelease/dont-panic/Dont_Panic_
Making_Progress_on_Going_Dark_Debate.pdf).
As observed in the question, it is counterproductive to ask providers and manufacturers to
weaken the security of communications services, software, and devices. A far better
approach is to use and expand the Vulnerability Equities Process (described here:
https://www.whitehouse.gov/articles/improving-making-vulnerability-equities-process-transp
arent-right-thing). Through this process, government agencies that find vulnerabilities
eventually make them known to those who can patch them, and only disclose the information
with appropriate oversight and in proportion to the conduct under investigation.
As described in our Transparency Report (available at https://transparencyreport.google
.com/user-data/overview?hl=en), Google routinely responds to requests from law
enforcement agencies. We are able to do so notwithstanding encryption in virtually all cases.
We understand the importance of the work of law enforcement and will continue to promptly
respond to lawful process. As we evolve, we are continuing to look hard at these issues to
ensure we are striking the appropriate balance.
b. Would Google be willing to come to the table and work with law
enforcement on a workable solution to this challenge?
Google has engaged with many stakeholders, including law enforcement, on this issue and is
happy to continue our productive dialogue.
c. What are the implications for global businesses like Google of
increasingly localized solutions like the Australia legislation?
We understand the goals of law enforcement all over the globe. We do have concerns about
the precedent that may be set if a government asserts the authority to conscript private
companies into developing new operating systems or software updates for the purpose of
defeating the security protocols that are implemented globally to protect users. We and
others have urged the Australian Parliament to promptly address the flaws in the recently
enacted Assistance and Access Bill when it reconvenes.
2. Google has adopted a new policy impacting access to data from Google
accounts and Android devices by third-party developers, as a result of an internal
review known as Project Strobe. The consumers have consented to allowing access to
the data that these businesses seek, and this data is essential for many businesses to
provide consumers with offerings and services they desire. The restrictions Google
seeks to impose on these businesses may cause these businesses, many marketers,
retailers and other on-line businesses to be forced out of business or have their
operations severely restricted. Google claims this policy is necessary to protect
personal privacy, and while I understand those concerns, this is information consumers
have agreed to provide for services they desire. Can you explain how Google balances
the aim of increasing privacy for its users without having a detrimental impact on
third-party developers?
Google is always looking for ways to strengthen protections for users’ privacy in a balanced
manner, and also support a vibrant and successful developer ecosystem. We updated our
User Data Policy for the consumer Gmail API to limit the apps that may seek permission to
access consumer Gmail data after a very deliberate and thorough review of users’
expectations when they grant developers access to their Gmail accounts.
The updated User Data Policy permits access to users’ Gmail accounts for apps directly
enhancing email functionality—for example email clients, email backup services, and
productivity services like CRM and mail merge services. This decision is in line with consumer
expectations. We found in our review of users’ expectations that the vast majority of users
share the content of their Gmail with developers because they want these types of services.
The new policy would not allow, in contrast, a social media app to seek access to a user’s
contact list in order to access the contents of a user’s Gmail. Google remains as committed
as ever to a diverse developer ecosystem that supports and enhances user experiences.
3. Google's success as a search engine appears to be based on its approach
to try and, as its founders put it, get users out of Google and to the right place as fast as
possible. It is understandable that as Google has grown as an enterprise that it would
expand its offerings into other markets and services. However, there is legitimate
cause for concern that the larger Google becomes, the more likely it is to direct internet
traffic towards its own products and services, such as YouTube, Google Reviews, and
Google Flights.
a. What safeguards does Google put in place to ensure that users are
directed to the information and services that they are actually seeking,
irrespective of whether it is a Google product or not?
We have always worked hard to provide our users with the most relevant Search results
regardless of whether that information is derived from a Google or third-party product. Our
algorithms are not designed to favor Google’s products. We also rely heavily on extensive
user testing to constantly improve our Search results and make them more relevant and
useful. Moreover, we test thousands of changes to Search every year. Our rater guidelines
are published externally and our raters are drawn from over 40 countries throughout the
world.
Competition from other sites on the Internet puts intense competitive pressure on us to
ensure users find what they are searching for—regardless of the source. Users can easily
compare Google’s results with the results they receive from other websites. For example, if
consumers find that Amazon does a better job providing them with information about
products, then they will stop using Google and use Amazon instead. In fact, 55% of
consumers start their product searches on Amazon and it is a robust competitor. For every
type of query—travel, news, local, video, images, etc.—there are many different sites
competing with Google to attract users. We must provide users with the information they
seek or they will go to our competitors.
We have invested significantly to give users access and control over their data. We would
encourage all of your constituents who use Google to visit MyAccount (available at
https://myaccount.google.com/).
3) How many Google employees have access to individual users' accounts?
Say that I have a Gmail account- how many employees are able to read my email? There
have been various stories of rogue Google employees violating the privacy of users,
including minors
(https://gawker.com/5637234/gcreep-google-engineer-stalked-teens-spied-on-chats).
Presumably, not every Google employee can access any Google user's information - but
how many can do this?
Google has long-standing policies that tightly restrict employee access to the content of our
users’ Gmail accounts. No humans at Google read users’ Gmail, except in very specific
cases—for example, if the user asks Google to do so and gives consent, or where Google
must do so for security purposes, such as investigating a bug or abuse. We enforce our
policies restricting employee access to user data through a number of safeguards, including:
(i) limiting access to user data to a small number of necessary individuals; (ii) requiring
documentation about when access is granted; and (iii) routine auditing of access. All
employees undergo security and privacy training at the start of their employment and annually
thereafter, and specialized training and policies apply to employees who have access to user
data. Finally, our Infrastructure Security Design Overview (available at
https://cloud.google.com/security/infrastructure/design/) gives a security design overview of
our infrastructure.
4) Has any Google employee ever been investigated or dismissed for
attempting to skew supposedly "neutral" products, like search, for politically-partisan
purposes? If not, has this ever been investigated?
Google’s business model depends on us being a useful and trustworthy source of information
for everyone, so we have a natural, long-term incentive to prevent anyone from
compromising the integrity of any of our products. We design products for everyone, and we
build our products and enforce our policies in a neutral way. We also do not manipulate
Search results or modify our products to promote a political ideology.
In addition, Google has clear internal policies and numerous technical safeguards to prohibit
employees from manipulating our products for politically partisan purposes. Following recent
allegations reported in the media that Google employees attempted to manipulate our
products to promote a political ideology, we conducted a thorough investigation. We found
no evidence that any employee had manipulated any of our products for politically partisan
purposes.
Finally, Google has a robust Insider Risk program that addresses potential threats from a
malicious or compromised insider, with the top priority being the protection of user data and
sensitive intellectual property. We use a variety of techniques to detect anomalous access to
sensitive information, including machine learning. Together, these policies and safeguards,
protect against insider manipulation.
5) Several Google employees have reported a "toxic" culture that is actively
hostile to politically and/or socially conservative employees. Many have reported that
Mr. Pichai's chief of staff was unresponsive to their requests. Even more shocking
allegations were made in the recent Congressional testimony of Harmeet Dhillon
(https://judiciary.house.gov/wp-content/uploads/2018/09/Witness-Testimony-Harmeet
-DhiIlon-09.27.2018.pdf. If true, the allegations in the testimony would be wildly afoul of
workplace discrimination and workers' rights laws. Do you have any comment about
Dhillon's testimony? If necessary, would representatives from Google be willing to
testify before Congress regarding treatment of conservative employees?
Diversity in all forms, including viewpoint, better equips us to serve all of our users. With more
than 90,000 Google employees around the country and the world, our employees represent a
broad spectrum of political views. Google does not discriminate or retaliate against
employees for holding or expressing conservative, liberal, or other political viewpoints. We
have made clear that people must feel free to express dissent, including on important topics
such as Google’s trainings, the role of ideology in the workplace, and whether programs on
diversity and inclusion are sufficiently open to all. We encourage an environment in which
employees can express their views on these and other topics, and it remains our policy not to
take action against anyone for prompting these discussions. Conservative points of view, like
others, are welcome at Google and across our products, and I’m personally committed to
making sure conservative employees continue to have the opportunity to thrive at Google.
QFRs from Representative Steve Cohen
Question #1
In recent months, authoritarian regimes - most prominently, Vladimir Putin's
regime in Russia - have used bots to manipulate YouTube' s algorithms into restricting
the accessibility of online content from democratic and human _rights activists by piling
up tens of thousands of artificial "dislikes" to their videos. In one video a prominent
Russian democracy activist had a general video celebrating the holidays. In it, there
were approximately 4,800 likes and 157 dislikes out if 55,315 views but in another
criticizing the Kremlin there were approximately 5,500 likes and 84,000 dislikes out of
126,000 views. Russian-language TV Dozhd has said it sometimes sees thousands of
dislikes of its reports within 20 minutes of their posting. These are only two cases out of
many.
Human rights activists have met with the representatives of Google to discuss
this problem and find a way of amending the algorithms to prevent their abuse by
authoritarian regimes, but so far no systemic solution has been found.
YouTube is the main platform for democratic and human rights activists in
authoritarian countries, where the mainstream media are controlled by the
governments.
This results in YouTube algorithms - as they currently operate - putting up
barriers to the distribution of such content.
What is YouTube - and Google, currently doing to address this problem?
Artificial manipulation of YouTube engagement such as video dislikes violates our policies and
is prohibited. We have strict policies, including our Community Guidelines (available at
https://www.youtube.com/yt/about/policies/#community-guidelines), that govern the rules of
the road for what content and behavior is allowed on YouTube. For well over a decade,
YouTube has invested in, built, and deployed proprietary technology to address abuse of our
systems. While we will always continue to develop and improve our products, we have
extensive safeguards in place to detect and neutralize the impact of inauthentic engagement
on our systems.
Question #2
Deceptive advertising is a real problem online, and it can be especially dangerous
when it comes to healthcare.
In 2017, Google Ads suspended its platform use by addiction treatment providers
out of concern that vulnerable people were being targeted for scams.
Drug addiction is a major problem in Tennessee. In 2016, there were 1,186
opioid-related overdose deaths in Tennessee - which translates to a rate of 18.1 deaths
per 100,000. This was substantially above the national average of 13.3 deaths per
100,000.
Google has enlisted LegitScript to help us certify advertising for addiction
treatment providers to help protect against scammers.
What is Google doing to ensure that this certification process is fair and
transparent to ensure that all legitimate businesses are able to advertise?
Substance abuse is a growing crisis in the United States. Unfortunately, there has been some
activity by bad actors engaging in deceptive practices who attempt to exploit individuals
seeking treatment for substance use disorders. In order to help users avoid these malicious
attempts and to better connect them with legitimate treatment providers, last year Google
updated its healthcare and medicines policy (available at h ttps://support.google.com
/adspolicy/answer/176031) to restrict advertising for recovery-oriented services for drug and
alcohol addiction.
The new policy is global, and requires certification before an organization can advertise for
addiction services including: (1) clinical treatment providers for drug/alcohol addiction,
including inpatient, residential, and outpatient programs; (2) recovery support services for
drug/alcohol addiction, including sober living environments and mutual help organizations; (3)
lead generators and referral agencies for drug/alcohol addiction services; (4) crisis hotlines for
drug/alcohol addiction. This helps us prevent deceptive advertising to vulnerable users.
In the United States, advertisers of these treatment services must be certified by LegitScript
in order to advertise on Google (see https://support.google.com/adspolicy/answer/7683376).
LegitScript employs a set of objective certification standards developed in direct consultation
with leading experts in the addiction treatment field, including the Center on Addiction, Facing
Addiction, and the National Association of Addiction Treatment Providers. These standards
are available at
https://www.legitscript.com/service/certification/addiction-treatment/standards, and more
information regarding the LegitScript certification program, including pricing, is available at
https://www.legitscript.com/service/certification/addiction-treatment/. The LegitScript
program seeks to protect patients from fraudulent treatment centers that take advantage of
patients’ recovery efforts and insurance billing opportunities.
LegitScript began issuing certifications in July 2018, and has certified over 1,000 facilities,
including over 60 in Tennessee alone, since the launching the certification program.
Google remains committed to using technology to assist in combating this public health crisis.
In recognition of our commitment, last December Google received the Partnership for
Drug-Free Kids' Corporate Citizen Award for Google's promotion of the Partnership's Parent
Helpline, which serves over 10,000 families per year.
Question #3
In August the Associated Press reported that Google was recording users'
movements even when the users had explicitly asked Google not to do so.
Even with "Location History" paused, some Google apps continued to
automatically store timestamped location data without asking. The AP noted that
Google even went so far as to record user location for searches that have nothing to do
with location - such as a search for "chocolate chip cookies" or "kids science kits."
The story also took Google to task for misleading popup messages on mobile
devices when users attempt to turn off location tracking. On iPhone, for example, when
a user chooses to turn his or her "Location History" off, the popup reads: "None of your
Google apps will be able to store location data in Location History." But Google Maps
and other apps continue to store the user's whereabouts in a "My Activity."
I understand that Google offers users a variety of options to turn off certain
tracking features, but navigating those options remains confusing to a lot of users. To
the extent users may need assistance with changing their privacy settings - both on
laptop and mobile devices - will Google be offering live, human, telephonic customer
service, as opposed to just online assistance? If not, please explain how Google intends
to meet the privacy needs of users who are less technically proficient?
Google cares deeply about giving users transparency, choice and control in our products and
services. We offer a number of resources to help users better understand the products and
services we provide. These resources include plain-English and easy-to-understand
instructions about how users can make meaningful privacy and security choices on Google
products and more generally, online. For example, Google’s Privacy Policy (available at
https://policies.google.com/privacy) includes short, educational videos about the type of data
Google collects, including location information.
Further, we were one of the first companies to offer users a centralized portal to see and
manage their data with the launch of MyAccount in 2015 (available at
https://myaccount.google.com/). MyAccount provides easy-to-use tools for users to manage
their Google Account privacy and security. The Data and Personalization section of
MyAccount (available at https://myaccount.google.com/data-and-personalization) allows
users to turn on or off features, like Location History, and to opt in or out of ads
personalization. In addition, Privacy Checkup (available at
https://myaccount.google.com/privacycheckup) makes it easier for users to review and
change their privacy settings. These tools enable users to make informed decisions about
their data.
Google’s in-product disclosures and help center pages provide users with further resources
to learn about exercising granular control over settings that affect the collection and sharing
of their user data.
Finally, on Google Help Forums, power-users experienced with Google’s products directly
help other users by answering individuals’ questions, including questions from less
technically-proficient users.
QFRs from Representative Val Demings
Question #1
Mr. Pichai, I want to applaud the "Framework for Responsible Data Protection
Regulation," which your company released in September as a first step to protecting
user's privacy. The framework failed to mention the requirements and process Google
would use to obtain Americans data. Should Google be required to obtain opt-in
consent before collecting their data?
Google believes in ensuring our users understand how we use their data, and how they can
control the use of their data. Consent is particularly important for data uses that involve a
higher risk to users and might not be well understood based on context. While controls are
vital, there is a growing consensus among regulators, researchers, and companies that asking
users to opt-in for all uses of information is impractical and leads to selection fatigue that
diverts away from the most important choices.
For example, some data processing is necessary to make products work, and to ensure
they’re secure and reliable. Security and reliability are standard user expectations when
interacting with a service. Asking users for additional consent in such a situation presents the
odd choice between “agree” or “don’t use the service.” This could have the perverse effect of
habituating users to simply click “agree” to prompts without proper attention.
Other data uses are not necessary to provide a service, but support the service provider’s
interests without posing significant risks to users. In the parlance of GDPR, these “legitimate
interests” appropriately balance the rights and interests of individuals without requiring
specific consent. We urge you and other policymakers to consider different levels of control,
rather than a one-size-fits-all approach. The GDPR’s approach, with multiple valid bases for
processing personal data, is a useful starting point.
Question #2
Mr. Pichai, when an American uses one of your products, what data or metadata
is collected by Google? For each Google product please provide the specific
data/metadata elements collected, the time frequency at which this data is collected,
and the method by which Google informs customers that this data will be collected.
We’re always working on making it easier for users to understand and control their data so
that they can make privacy choices that are right for them. That’s why we recently updated
our Privacy Policy (available at https://policies.google.com/privacy) with clearer language,
improved navigation and organization, and explanatory videos to better describe the
information we collect, why we collect it, and how users can control the information we
collect. For example, our Privacy Policy describes that we may collect:
● Information that users give us, like their name, email address, and telephone number;
● Information that users create, like a Gmail message or a comment on a YouTube video;
● Information about users’ activity on Google services, like the things they search for,
videos they watch, and ads they view or click on, including associated information
about that activity like location;
● Information about users’ activity on apps and sites that use Google services like ads,
Analytics, and the YouTube video player.
Depending on users’ account settings, some of this data may be associated with their Google
Account. We also explain this information to new users during the Google Account creation
process. And all users can always visit their Google Account (available at
https://account.google.com) to manage their information, privacy, and security to make
Google work better for them.
Question #3
Mr. Pichai, you stated on numerous occasions during your testimony that Google
does not sell users data. Does Google monetize user's data in any way? If so, how? If
not, why does Google need to collect such vast amounts of data?
We do not sell personal information to anyone. We collect information to provide better
services to all our users—for example, to provide users with Search results in the correct
language or to understand which search terms are most frequently misspelled to improve
spell-check features across our services. We also use data to show relevant advertising,
which helps make our services free for everyone. Without personally-identifying a user to
advertisers or other third parties, we might use data that includes a user’s searches and
location, websites, and apps they’ve used, videos and ads they’ve seen, and basic information
they’ve given us, such as their age range and gender. We then get paid by advertisers for
placing ads, both on our services and on sites and apps that partner with Google. You can
learn more about how we make money with advertising at
https://howwemakemoney.withgoogle.com/.
Question #4
Mr. Pichai, you said in your testimony that if a user takes affirmative steps to
turn· off location services on all Google related apps, there are still scenarios and
situations where Google would collect user data. Under what authority does Google
have the right to collect data when the user has removed all permission for it to do so?
Why would Google need to collect this data? What does Google do with this data and
how long does it keep it?
On both Android and iOS devices, users can turn off their device-level setting to control their
device-based location. For example, when users turn off their Android device’s location
setting, device location is not shared with any apps—and Google does not receive any device
location information from Android.
Note that apps and websites connecting to the Internet may continue to use other signals like
Internet Protocol (IP) address, or other information the user provides, to infer some
information relevant to a user’s location. The transmission of an IP address is a standard
protocol of Internet communications, and its use facilitates several user benefits. For
example, we may use IP-based location estimation to prevent abuse, provide users with the
correct language for search queries, or to ensure that users get results that are relevant to
their general location (for example, users searching for “football” in England likely want
different results than users searching for “football” in the US). We describe our use of IP
addresses in our user disclosures—including, for example, in our account creation flow, in our
Privacy Policy, and in product when users conduct a Google search.
QFRs from Representative Ted Deutch
Question #1
Thank you again, Mr. Pichai, for coming before the Committee last week. First,
as you acknowledged, data collection and especially location data is a complex area
where as you said, users want privacy protection. Just because Google does not
connect the dots between a person's name and that data-rich identifier doesn't mean
that a less scrupulous actor with access to similar data would not.
Given your commitment to protecting personal privacy and safeguarding the
information I'm sure many of your users would consider highly sensitive, will you
commit to supporting legislation limiting unique identifier tracking in addition to the
name, address, and billing information tracking Google has already supported?
We embrace the notion that personally-identifiable and non-personally-identifiable
information should be protected. As we recently said, we support legislation broad enough to
cover all information used to identify a specific user or personal device over time, and data
connected to those identifiers, while encouraging the use of less-identifying and less risky
data where suitable. Such legislation should clarify whether and how each provision should
apply, including whether it applies to aggregated information, de-identified information,
pseudonymous information or identified information.
Question #2
Second, following up on the question I asked about data collected by an Android
phone in the case that there is no active Wi-Fi, no cell service, I appreciate your candor
and want to give you the opportunity to clarify the answer you gave at the hearing. My
understanding has been that data is collected on Android phones regardless of whether
the phone is connected to Wi-Fi or cell service - is this accurate? Relatedly, please
clarify whether data on iPhones is collected if you've got a Google product, like Gmail or
Maps.
In addition, as we discussed, I would appreciate any estimates or studies you may
have regarding what transmitting that data back to Google once connectivity is
reestablished costs users who may be at the edge of their monthly data limits? How
much data is used to transmit location and other data back to Google and do customers
pay for all of this data transmission?
As with all of our user privacy controls, our goal is to make things as simple as possible while
ensuring that users have meaningful control over their data. Data collection depends on the
user’s settings and the apps they’ve installed. A smartphone may be able to determine
location using GPS sensors even without a Wi-Fi or cellular service Internet connection,
depending on the user’s settings. A user might use a fitness app on their phone to track their
bike rides or jogs in an area where they have no cellular service. When the device reconnects
to the Internet, either by Wi-Fi or cellular service, that data may be uploaded.
For users enjoying Google products and services like Gmail or Maps on their iPhones, the
terms and permissions for those products or services govern Google’s data collection.
Because this information is user and device specific—and also depends on the activities of the
user—it is difficult to estimate the amount of data that might be transmitted on average.
Data sent from Android devices may be transmitted over a Wi-Fi network or over the device's
cellular connection. In the case of mobile devices, the user's mobile carrier plan would govern
any charges for transmission of data over a cellular connection. Users can see specific app
usage data in the Android Settings menu.
We have invested an enormous amount of work over the years to bring security,
transparency, and control to our users in this space, and will continue to do so.
Question #3
Many Americans may not care that their every move 24 hours a day is being
tracked, but many do, and I worry that meaningful, informed, consent between
companies and customers is currently lacking because most people don't engage in
data privacy issues until it's too late.
Mr. Pichai, is it correct that users are tracked in the physical world and electronic
domain once they opt into any Google product such as Waze, Google Maps, or Gmail?
Do your customers know they are being tracked to this degree? I am aware of the
opt-in agreement that users agree to as part of Google's terms of service.
But aside from the legal language in the click-through consent warnings that few
customers read, do your users have any understanding of how their apps may be
tracking their movements. Do you have any research or focus group data on actual
customers' understanding of how they are being tracked?
We are constantly looking at ways to improve our products and make them more helpful to
users. We review various signals, including opt-in rates, user technology interaction surveys,
and other information in order to assess if users understand our policies and product settings.
As for Google services such as Waze and Maps, user location is key to the functionality of the
products. As we explain in our Privacy Policy, we collect information about users’ location
when they use our services. The type of location data we collect depends in part on users’
device and account settings. For example, users can turn their Android device’s location on or
off using the device settings app (see
https://support.google.com/accounts?p=privpol_location&hl=en).
Finally, we are not aware of any industry-wide study of user understanding of location
tracking by apps generally. But the fact that users do not uniformly grant or deny all
permissions, and tend most often to granting mixed permissions, reflects that they are
thoughtfully considering the access they give in light of app functionality and usefulness.
QFRs from Representative Cedric Richmond
Background: Google has adopted a new policy impacting access to data from Google
accounts and Android devices by third-party apps. Consumers have consented to
allowing access to the data that these businesses seek, and this data is essential for
many businesses to provide consumers with offerings they desire. The restrictions
Google seeks to impose on these businesses, called Project Strobe, may cause these
businesses, many marketers, retailers and other on-line businesses to be forced out of
business or have their operations severely restricted.
1. How does Google balance the need for personal privacy with the value of
data to businesses?
Google builds and supports open platforms. From Android (our open source mobile operating
system) to Google Play (the Android app store where users can choose from millions of apps
offered by thousands of developers), to Download Your Data (our tool that lets users
download their information so they can use it on any other service), Google products enable
competitive innovation. Google is also committed to protecting our users’ privacy. We strive
to balance this commitment with supporting a vibrant and successful developer ecosystem.
Google updated its User Data Policy after a very deliberate and thorough review of users’
expectations when they grant developers access to their data. Users granting apps access to
their Gmail have certain use cases in mind. Google’s decision to only allow apps directly
enhancing email functionality to have authorization to request access to Gmail is in line with
user expectations. We found that the vast majority of users were sharing their Gmail with
developers because they wanted the kinds of services the policy currently allows (e.g., email
clients, email backup services, and productivity services like CRM and mail merge services).
Google remains as committed as ever to a diverse developer ecosystem that supports and
enhances user experiences.
2. Does Google block access to apps that consumers have granted
permission to access their data?
If circumstances warrant such an action, Google blocks access to specific apps. Google Play
was launched on March 6, 2012 and has grown to more than 1 billion active users in 190
countries, with millions of apps, 40 million songs, 5 million books, and more. Even with such a
large user-base and such an open and diverse developer ecosystem, Google is committed to
keeping malicious actors off our platforms. We have a number of policies in place to protect
our users. We enforce our policies and take action against apps and developers who are not
in compliance. If developers engage in repeated or serious violations of our policies (such as
malware, fraud, and apps that may cause user or device harm), then we may terminate their
accounts and ban them from our platforms.
3. Can you explain the process by which Google determines which
third-party apps have access to data? In what cases are consumers given the choice,
and in what cases is access blocked completely?
Google offers developers access to APIs that give them the ability to provide a wide-range of
tools and apps for users. These APIs cover a multitude of Google products and services and
are open to everyone. We also invest in helping developers. We publish educational
resources, organize conferences, and engage with developers to support their efforts to build
innovative products and services.
To ensure developers use our platforms in a fair way, and to make sure that products and
services are safe for our users, we have a number of policies that apply to all developers.
Apps that request access to sensitive user data must be transparent about why they collect
data and how they will use it—and they must get user consent. Web apps requesting access
to sensitive user data must complete a verification process, described at
https://developers.google.com/apps-script/guides/client-verification. Among other things,
we review the app’s privacy policy to ensure that it adequately describes the types of data the
app wants to access and review the suitability of permissions the app is requesting. If an app
is not verified by Google, we display a prominent warning to users that they are using an
“unverified app.” Users may still choose to proceed to use the app if they wish.
On Google Play, apps must request permission from users to access certain data. Apps that
abide by these policies are always available for users to use as they see fit.
When we identify developers who are not in compliance with our policies, we work with them
to fix their apps. But if developers engage in repeated deceptive or malicious behavior, or
behavior that is harmful to our users, we reserve the right to ban them from the platform. We
rarely need to take this action, but we have and will continue to do so when necessary.
4. Has Google conducted an analysis on the impact on consumers when
access to data is blocked, and if so what role did that play in Google's decisions?
As mentioned above, Google is strongly committed to open platforms and a diverse and
thriving developer ecosystem. As long as apps comply with our policies to protect users and
to ensure a fair playing field for developers, the apps are available to users on our platforms.
Google recently implemented policy updates in light of Project Strobe following a very
deliberate and thorough review of users’ expectations when they grant developers access to
their data. We firmly believe these changes are in the best interests of our users.
5. When deciding which apps are allowed to access consumer data, did
Google consider whether the developers of apps have demonstrated a responsible and
transparent approach to using data?
Transparency to users is a fundamental principle underlying our developer policies. Google’s
policies emphasize the requirements for apps to accurately identify themselves and their
intent to users. Apps that wish to access Google user data must provide users with clear and
accurate information regarding their uses of data. All permission requests must accurately
represent the identity of the app seeking access to user data. Further, apps must provide
clear and accurate information explaining the types of data being requested. In addition, if an
app plans to access or use a type of user data that was not originally disclosed in its privacy
policy when a Google user initially authorized access, the app must update their privacy policy
and prompt the user to consent to any changes before it can access that data. Finally, apps
must be honest and transparent with users when explaining the purpose for which they
request user data. If an app requests data for one reason but the data will also be used for a
secondary purpose, the app must notify users of both use cases. Users should be able to
readily understand the value of providing data that an app requests, as well as the
consequences of sharing data with that app.
QFRs from Representative Ted Lieu
YouTube
YouTube recommends videos for users to watch after completing their selected videos.
As you may know, users often report receiving recommendations for conspiracy theory
videos and extreme content. For example, a search for the California wildfires - which
heavily impacted my district - yields a recommended video about a conspiracy involving
a U.S. military directed energy weapon starting the fires. A search for "the Pope" yields
recommended videos about the Pope being "caught" ostensibly committing crimes or
possibly being killed. A search for 9/11 often yields suggestions for conspiracy theories
about the attacks being perpetrated by the U.S. government. Independent research
from the Atlantic Council found that state-sponsored propaganda and disinformation,
specifically from Russia Today, capitalizes on YouTube's recommendation engine and
spreads quickly.
1. What work has YouTube done to combat the problem of users receiving
recommendations that promote false news and extremist accounts?
Providing our users with trustworthy information is core to our mission. We have put a lot of
effort into curbing misinformation in our products—from better ranking algorithms to tougher
policies against monetization of misrepresentative content.
To that end, we work hard to make authoritative sources readily available for people coming
to YouTube for news and information. For example, with features such as our Breaking News
and Top News shelves that highlight videos from news sources when news events happen, we
include only videos from verified news sources from the Google News corpus. Similarly,
we’ve improved our search ranking and “Up Next” recommendations feature to focus more on
videos from high quality and authoritative sources for users seeking news or information.
Beyond giving users more high quality and authoritative content, most recently, on January
25, we provided an update (available at h ttps://youtube.googleblog.com/2019/01/continuing-
our-work-to-improve.html) on our continued efforts to improve YouTube’s recommendation
systems. With this update, we’ll begin reducing recommendations of borderline content or
content that can misinform users in harmful ways—such as videos promoting a phony miracle
cure for a serious illness, claiming that the earth is flat, or making blatantly false claims about
historic events like 9/11. This will be a gradual change and initially will only affect
recommendations of a very small set of videos in the United States. Over time, as our systems
become more accurate, we'll roll this change out to more countries.
We also recently launched changes to better provide context to help users make their own
decisions about the content they watch. We believe users should be able to make their own
judgments about the information they consume. For example, we’re using information panels
to show viewers information from authoritative third parties such as Encyclopedia Britannica
when users search for or watch videos on certain well-established historical and scientific
topics that have often been subject to misinformation, like the moon landing, and the
Oklahoma City Bombing. Similarly, when a viewer is watching a video from a channel that
receives funding from a government entity, we prominently display an information panel on
the watch page that provides notice to the user that the channel is government funded.
We are proud of these efforts to combat misinformation on our platform. We remain mindful
that our platforms reflect a broad array of sources and information and that there are
important free speech considerations. There is no silver bullet, but we will continue to work to
get it right.
2. What oversight mechanisms exist for the deep neural networks YouTube
has implemented?
We have implemented a number of measures to help evaluate and improve the performance
of our machine-learning driven systems at YouTube. For example, we’ve been reviewing and
improving our automated systems to help ensure that unintended algorithmic bias isn’t
present. Even when automated systems aren’t biased, they aren’t 100% perfect and they still
make simple mistakes in classifying content from all groups of creators. That’s why we’ve also
built ways for our users to report when they feel that our systems have got it wrong. We
correct any mistakes when we find them and re-train the systems to be more accurate
moving forward.
3. In the past, you have suggested that one solution is putting authoritative,
real sources next to these videos. With regard to these projects, is Google working with
experts in counter-radicalization to ensure an evidence-based approach?
With respect to hate speech and violent extremism, we’ve invested in initiatives that utilize
counter speech to help address radicalization at its roots. Redirect Method, developed at
Alphabet’s Jigsaw group, experimented with using targeted advertising to reach people
searching for terrorist content and presenting videos that undermine extremist recruiting
efforts. During an eight-week study, more than 300,000 users clicked on our targeted ads
and watched more than 500,000 minutes of video. We are researching expansion for
Redirect to apply this model to new languages and search terms.
We also partner closely with a range of experts in violent extremism through our Trusted
Flagger Program (see https://support.google.com/youtube/answer/7554338?hl=en). This is a
program we created that allows participating NGOs and government agencies to flag videos
in bulk, rather than one at a time, and allows us to prioritize these highly reliable reports for
review. The same policies apply to flags from trusted flaggers as to any other user flag—there
is no special treatment in terms of whether content stays up or comes down. Members of the
Trusted Flagger program include organizations such as the Institute for Strategic Dialogue,
the International Centre for the Study of Radicalisation and Political Violence, and the Wahid
Institute.
Furthermore, we work with media platforms and cultural influencers to help change the
narrative and elevate the voices that are most credible in speaking out against terrorism and
violence. For example, YouTube’s Creators for Change program (see
https://www.youtube.com/creators-for-change/) highlights online stars taking a stand against
xenophobia and extremism. The 2018 cohort had 61 creators from over 20 countries
representing a combined audience of over 40 million subscribers.
Data Privacy
According to a recent Pew poll, Americans want more say in the privacy of their
personal data, and are concerned with unregulated data collection. Roughly 50% of
Americans say they don't understand how their information is used, and 91 % of adults
agree or strongly agree that consumers have lost control of how personal information is
collected and used by companies.
1. When Google shares data with third parties, what dictates the terms of
that exchange? Is it a contract?
We work hard to ensure users are making informed choices when they choose to share their
data with third party developers. Developers on Google and Android who ask users to grant
them access to the user’s Google Account or device data are required to abide by our
policies. In particular, developers requesting users to grant them access to Google user data
are subject to our User Data Policy (available at
https://developers.google.com/terms/api-services-user-data-policy) and our API Terms of
Service (available at h
ttps://developers.google.com/terms/). And developers who distribute
their Apps on the Google Play Store (for Android) must abide by the Google Play Developer
Distribution Agreement (available at
https://play.google.com/intl/ALL_us/about/developer-distribution-agreement.html) and the
Developer Content Policies (available at
https://play.google.com/about/developer-content-policy/).
2. How often are these contracts or relationships audited to ensure their
terms are being followed?
We invest considerable resources to monitor app compliance with our policies at scale.
We require web apps that request access to a user’s Google data to complete the verification
process described at h ttps://developers.google.com/apps-script/guides/client-verification.
That process involves a review of the app’s privacy policy to ensure that it adequately
describes the types of data being accessed and a review of the suitability of permissions the
app is requesting. If an app is not verified by Google, we display a prominent warning to users
that they are using an “unverified app” and strongly discourage them from proceeding. Our
Security Checkup tool, available to users in their Google Account, would also flag those apps
to users.
Additionally, we use machine learning to monitor web apps’ use of the APIs once they have
been given access to user data. If we detect significant changes in the app’s behavior, we
manually review it. If that review determines that the app is violating our terms, we display the
“Unverified App” screen to users and we restrict the app's ability to use our service.
Android Apps offered on and installed using Google Play are also subject to automated and, in
some cases, manual review, for security, and policy compliance. We also use automated
scanners to protect millions of users each day from malware, phishing scams, fraud, and
spam. For example, Google Play Protect comes pre-installed on all Google-licensed Android
devices and continuously monitors users’ phones, along with apps in Play and across the
Android ecosystem, for potentially malicious apps. It scans more than 50 billion apps every
day and warns users to remove apps we identify as malicious.
3. When people upload their photos to Google Photo, does Google use these
photos for any machine learning functions? Does Google do anything with these
photos?
Certain search features within Google Photos—for example, querying your private photo
library for “dogs”—were made possible by machine learning. Our Privacy Policy lays out how
we use the data we collect, including to improve our services and create new ones.
Google Plus Data Exposure
Google did not report a major exposure of user data, as it was reported, for fear of
regulatory scrutiny. This means that Google+ profile information like names, email
addresses, occupation, gender, and age were exposed, even when that data was listed
as private and not public.
1. The Wall Street Journal reported that you were briefed on the plan not to
notify users after an internal committee reached that decision. Can you talk a bit about
what equities are weighed by the internal committee that decides whether to go public
with a breach or exposure? What obligations do they have?
We are acutely aware of the importance of the trust our users have in us. That is why we are
continuing our long history of being at the forefront of protecting user data and why we
embarked on Project Strobe—a holistic look at APIs and the ways users can share their data
through our platforms. We are proactively looking for bugs and thoughtfully rolling out
standard-setting changes, bearing in mind how those changes can affect developer
innovation.
We have one of the most sophisticated privacy programs in the world. We dedicate significant
resources to the efficient and thorough investigation of potential privacy incidents, including
with a 24x7x365 incidents management team. We carefully weigh decisions around user
notification when incidents occur and always review our legal notification obligations to
determine whether notification is required. But we also go further than that—applying several
considerations focused on determining whether to voluntarily provide notice beyond what the
law may require. These include whether we believe we can accurately identify the full set of
impacted users, whether we are aware of evidence of misuse, and whether there are any
actions a developer or user could take in response. Here, the answers to each of those
considerations was no, and we decided against notification.
Also, giving notification in these types of situations frustrates users and contributes to
notification fatigue. Users begin ignoring important warnings because they are overwhelmed
by the number of notifications they receive. We balance that risk with our desire for
transparency and to ensure the continued long-established trust of our users. In this case, all
of these factors weighed against voluntary notification so we made a considered decision not
to provide one.
Android location tracking
Recently, it was discovered that some Android phones that were not connected
to the internet and had no SIM card were still able to track user location and modes of
transportation (bike, walking, train) as well as what the user was doing with the phone.
1. Why does Google need this information, other than for targeted
advertising?
Today, smartphone’s can calculate location based on a few sources, including GPS. This
provides multiple benefits to users. For example, in many parts of the country, including along
Highway 1 in California, there is no Internet connection for devices via cell service or Wi-Fi.
Even though a device cannot connect to the Internet in that case, Google Maps can still work
and provide users with driving directions. This is partially because the phone can use GPS
without a SIM card or an Internet connection. The device can generally detect users’ walking,
biking, or other motions thanks to device sensors, like a gyrometer. Regardless of whether a
smartphone is connected to the Internet, it can store location and other data to transmit later,
once it connects to cell service or Wi-Fi. Whether the phone stores or transmits such data to
Google once it reconnects to the Internet depends on the user’s selected settings. Some
users, for example, may wish to record and transmit data from their fitness app when they
biked on routes without Internet or cell connectivity.
To be clear, this feature exists on almost all smartphones, regardless of whether a user has
any Google apps installed on a device and regardless of what operating system the phone
uses.
2. Is it possible for a user to disable this feature on his/her own?
Yes. All Google-licensed Android phones have a master location toggle that is accessible in
device settings. When users turn this toggle off, the phone does not transmit device-based
location information. Users can also deny access to device-based location information on an
app-by-app basis via the device settings. For example, a user could deny Google Maps
access to the device-based location information, but allow another app such as a taxi-hailing
app to access the device’s location.