Yes, most definitely! First, Google wants to inspire confidence in their users that privacy is respected. There are also laws and regulations that they need to follow when dealing with personal information.
In answer to your question about business units, Google states in their Privacy Policy that they combine information from different services. They do this for the user’s benefit, among other things.
Google’s Privacy Policy
Their Privacy Policy covers the three topics you can see listed below:
Most privacy policies cover these topics, and they are often required by law. Let’s have a look at the “Information we collect” clause in more detail.
In this clause you can see some things that show that Google does care about user privacy. They also care about the user being able to understand their Privacy Policy.
First, you can see that the Privacy Policy uses plain language, rather than legalese. They also provide helpful pop-up information boxes so that the user can fully understand what the Privacy Policy is saying:
Second, note that each clause has clear examples of the types of information they collect. The clauses also set out also where and why Google might collect this information. For example, Google clearly explains that during account creation the user provides some information such as name, email address, and phone number. They also clearly set out where they directly collect information not provided by the user.
Finally, you can see that their descriptions are comprehensive. They don’t give one or two examples of each scenario; they list out all the situations in which they might collect user data. In the clause below you can also see how they explain the purpose of their data collection:
- to “provide, maintain, protect, and improve” their services; and
- to “protect Google and [their] users”.
Google also does share information across services:
They give a clear explanation of why, too: to make it easier to share things with other people, to improve Google’s services, and to improve Google’s ads.
The next thing to consider is the fact that Google, like any other business, is required to comply with applicable privacy laws.
Privacy Laws
In the US, there is no generalised online privacy law. However, there is a state law that applies to many online websites and service operators: the California Online Privacy Protection Act (CalOPPA).
CalOPPA requires that website operators who collect the personal information of California residents must have a Privacy Policy.
CalOPPA also requires that the Privacy Policy must cover:
- The types of information is collected;
- Who this information is shared with;
- Whether third parties can use your website to collect information;
- How users can change the information you hold;
- How you respond to “Do Not Track” requests; and
- Your Policy’s effective date
Google is also required to follow EU law: the General Data Protection Regulation. This regulation is one of the strictest privacy laws in the world.
Google explains in their Privacy Policy how they deal with the EU-US Privacy Shield. The EU-US Privacy Shield covers how US data holders deal with the data of EU citizens:
You can also see that in the clause above Google sets out the process of dealing with privacy complaints.
Conclusion
Google may collect a lot of user data, but it doesn’t mean they don’t protect that data and take care with user privacy.
The private information Google collects is asked for in their Privacy Policy. They also clearly set out what they do with it.
At the end of the day they will always need to follow relevant privacy laws, or they may find themselves subject to watchdog action or negative media attention.