Google Privacy Policy is Vague

Please access to the following URL http://www.google.com/privacy/privacy-policy.html and read

the privacy policy. Then explore the following comments based on the policy. You may try to
browse for other comments and emphasize weaknesses on privacy policies.
“We may combine the information you submit under your account with information from other
Google services or third parties in order to provide you with a better experience and to improve
the quality of our services. For certain services, we may give you the opportunity to opt out of
combining such information”.
It sounds creepy that information we provided to different application can be combined as it
form a full picture of a person. And what make this worse is that, only for certain services, not
all users are given opportunity to opt out of such combination. Users should be asked whether
they agree to go for such process of information combination. Otherwise such process can be
carried out at any time without the knowledge of users.
“Log Information: When you access Google services, our servers automatically record
information that your browser sends whenever you visit a website. These server logs may
include information such as your web request, your interaction with a service, Internet Protocol
address, browser type, browser language, the date and time of your request and one or more
cookies that may uniquely identify your browser or your account”.
This clause doesn’t specify for what purpose such logs were being kept. It may become a record
that someone could monitor the movement of users unnecessarily. Furthermore, the statement
does not specify for how long such information will be kept, will it be cleared after some period
of time? This should to be clarified. Otherwise the statement sounds such records would be kept
permanently, which is terribly bad.
One of the sections in question states that “When we use third parties to assist us in processing
your personal information, we require that they comply with our Privacy Policy and any other
appropriate confidentiality and security measures.”
The above clause did not specify clearly under what circumstances Google would “use third
parties to assist in processing personal information”. The clause also did not specify what kind
of personal information would be given. At least the so called “appropriate confidentiality and
security measures” must be explained in the text. Otherwise Google can apply such clause in any
circumstances and with all personal information, probably including personal identifiable
information to be disclosed to third parties.

Another section of Google’s privacy policy states that “We may also share information with third
parties in limited circumstances, including when complying with legal process, preventing fraud
or imminent harm, and ensuring the security of our network and services.”

Clarification is needed in this clause on a standard process how information could be shared.
For example, only court subpoena would be entertained. It would be good to apply this section
with citing of potential or actual situations. These included a real kidnapping with ransom
demands sent from a Gmail account and a hypothetical situation of a massive hacker attack
where third-party security experts might be involved to resolve the situation.

“We take appropriate security measures to protect against unauthorized access to or unauthorized
alteration, disclosure or destruction of data. These include internal reviews of our data collection,
storage and processing practices and security measures, including appropriate encryption and
physical security measures to guard against unauthorized access to systems where we store
personal data”.

Though the clause provides methods how security measures are being applied, but it does not specify how
frequent this will be done. If users suspect any unauthorized access to their personal information, is there
any way to seek help from the customer support was not clearly stated.