Combining reader information with its existing database of user information would allow Google to add a rich and intimately personal dimension to its profiles — profiles that could become very attractive to marketers, litigators, the government and others with an interest in profiting from sensitive personal data.
It's easy to see how such an environment could lead to significant privacy exposures, especially given the absence of a comprehensive federal consumer privacy law.
Taking thoughtful steps to protect privacy now will help to ensure that Google Book Search lives up to its promise as a powerful social good, rather than becoming the next lightning rod in our ongoing national debate over privacy on the Internet.
The privacy challenges posed by the new Google Book Search give Google an opportunity to step up as a corporate privacy leader by establishing clear policies to protect readers' privacy and pledging to the judge overseeing the settlement to adhere to them going forward.
Because the service is not yet fully implemented, many details of such policies will likely remain in flux for the foreseeable future. But that shouldn't stop Google from committing to a baseline approach that protects users' fundamental rights.
In July, the Center for Democracy & Technology issued a report detailing specific privacy commitments Google could make to ensure that Google Book Search does not infringe on users' rights. The recommendations are grounded in the Fair Information Principles that should form the foundation of all commercial and governmental privacy policies.
First and foremost, Google must make absolutely clear to its users what information it is collecting, and how that information will be used. While such notice is a linchpin of all privacy policies, Google Book Search should strive to set a new bar for clarity and conspicuousness. Readers should know exactly what they're getting, and exactly what they're giving up in return.
The recommendations also call on Google to establish limits so that it collects only the information it needs to complete Google Book Search transactions. For instance, Google shouldn't have to collect or store significant information about how users are accessing books online (what pages they read, their annotations, etc.). Google's default position must be, "if we don't need it, we won't collect it."
It is also critical that Google limit how it uses the information it is required to collect about users. If such information is needed to calculate payments to publishers, then it should be used for that purpose and no other. Reader data is simply too sensitive to be lumped indiscriminately into online marketing dossiers.
Most importantly, Google should commit to take strong steps when others, including the government, demand reader information.
Given the sensitivity of the information associated with reading and the potential comprehensiveness of the service, Google should commit to insisting that the government obtain a court order or warrant issued upon probable cause before it discloses information that could be used to identify or associate a reader with access to particular books. It should, likewise, resist demands for access by civil litigants and provide users with prompt notice about such demands.