It is a common assumption by Internet users that their online activities are private and, to an extent, anonymous. This is definitely not the case.

A user's Internet Service Provider (ISP) has the power to monitor and log all traffic - including the websites that they access, the emails that they send, the newsgroups that they read, and even the search terms that they type into Google, Yahoo! & Co.  There have been numerous examples of search engines disclosing records of users' searches.  Google, by far the most popular search engine today, maintains both records of IP addresses and a long-term "cookie" that records an individual's searches for up to several years.  Although this data is not immediately associated with a user's name, the information stored by ISPs and websites allows for easy linking of an individual to their stored search records, with potentially serious consequences.

Google recently barely avoided getting fined in the UK for collecting personal data, including email addresses and passwords being used in public Wi-Fi spots.  Despite labelling this as a "significant breach" of the Data Protection Act that was "not fair or lawful," the UK’s Information Commissioner's Office (ICO), has simply requested that Google delete the offending data and given the search giant nine months to review its privacy practices.

In direct monetary terms it seems as if Google has got off lightly, at least in the UK, but investigations in other nations are ongoing.  There cannot, however, be any denying that to some extent users’ confidence has been damaged in the brand and its squeaky-clean image, built around the company’s informal “don’t be evil” motto.  According to Jack Adams, search engine optimisation (SEO) consultant at leading search specialist marketing and technology firm Greenlight, the damage to Google’s brand perception is substantial and perhaps a time for Bing to make a focussed marketing push.

Indeed, as much has been admitted by Alma Whitten, Google’s new Director of Privacy for the Engineering and Product divisions.  "We're very aware that our business is based on the trust of users and if damaged [then] that's the worst thing we could do."

This damage has been compounded by the widespread national news coverage of the privacy breaches, especially with the matter being discussed in the UK Parliament.  Even in general conversations, one slightly less-than-tech-savvy individual expressed reservations over Google, asking whether this breach means they should discontinue Internet banking in fear of online fraud, demonstrating just how this news has pervaded the general public.  The question though is whether this has put that respective individual off searching with Google?  Will they switch to a competitor?  The damage to Google’s brand perception is considerable, but the impact on search engine marketing is likely very little.  With Google near to monopolising UK search, having 93% market share at present according to StatCounter, and “to google” being a verb officially listed in the Oxford English Dictionary since 2006, the awareness of competitors seems too low for many of Google’s users to really take action against the search giant.

Given this, the UK’s traditional focus on Google for search engine marketing looks set to continue for the meantime, and Google seems, at least, to have learned a lesson on privacy.

With the appointment of Alma Whitten as Director of Privacy across both engineering and product management, Google will continue to build and enhance effective privacy controls into its products and internal practices.

In addition, Google employees are receiving orientation training on Google’s privacy principles and are required to sign Google’s Code of Conduct, which includes sections on privacy and the protection of user data.

The company is also beefing up its compliance mechanisms, which means every engineering project leader will be required to maintain a privacy design document for each initiative they are working on.  This document will record how user data is handled and will be reviewed regularly by managers, as well as by an independent internal audit team.

Action is definitely needed, considering that in May 2010 Google announced that it had mistakenly collected unencrypted Wi-Fi payload data, including information sent over networks, when using its Street View cars.  The company has now admitted that entire emails and URLs were captured, as well as passwords, and has apologized again for failing so badly in regard to privacy and announced that the data is now being deleted from its files.

It is simply beyond belief that a leading technology company, that handles such a huge amount of sensitive data, is somehow lacking significant preventative legal measures and procedures on privacy.  Let’s hope that this doesn’t continue to get out of hand.

By Daniela La Marca