My data is *my* data!

Starting to get pissed off with how everyone just assumes it’s entirely OK to follow me around the web to see what I’m doing, what I’m searching for, who I talk to etc.

Last year my university email account was switched to GMail. I had some misgivings, but had no choice. Today, however, when I was searching for something on Google, I saw in the top right corner I am logged in as pavel.kalinov@my uni. Er… no, I am not – or rather, I should not be. I logged into my email account which is on a completely different domain. I specifically did not log into Google search, Google plus or whatever. What makes you think it’s OK to log me in and track me?

Furthermore, even if I log out at this point – I will still be tracked in a personally identifiable manner since logging out does not delete the cookie. So, emailed the letter below to IT support, will wait to see what they do and then send it to the Privacy Commissioner and/or the Telecommunications Industry Ombudsman (you need to resolve the issue with the offending company first before you go to them).

————

Sir/Madam,

I am concerned about some features of my university email that have appeared recently (without my, and I believe the university’s consent).

Since the introduction of Google+ or whatever, I seem to be logged into Google all the time after I check my university email. I have a personal Google account, and now it seems another one was automatically created for me without my consent and it keeps “following” me whether I want it or not – I search for something on Google and it shows my uni account on top as being logged in. Well, I specifically logged into Griffith Mail, not Google Search. If I don’t want to be tracked there is nothing I can do. I can log out, but then I am logged out not only from search but from my mail as well, and I am still being tracked in a personally identifiable way even after that because the cookie in my browser still says who I am – it now just has a “logged out” status.

In short, I find this a violation of privacy which I think you should resolve between the university and Google as an email provider. The fact that they provide email (and through the university – I have had to accept that service as well) does not entitle them to follow me through their other online properties.

Best regards,
Pavel

———-
04/10/2011 update: got a phone call from a very helpful lady who suggested to try and de-link (or nuke altogether) my personal Gmail/Google+ account as some sort of mitigation. Tried it, turned out this was not the issue: (copy/paste)

after your phone call of a few minutes ago, I tried to go to Google and delete the linked account and any possible interference between my Griffith email and my private Gmail account. As it turned out:
- my private email does not interfere with this one (i.e. – they have not linked them)
- they have NOT created a Google+ account for me as I initially thought (though the issue coincided with Google+ becoming public)
- but, they have created an “ordinary” Google account for me, which still raises the original issue. Namely: it happened without my consent (and, more importantly – without your consent as a corporate customer – I don’t think you allowed Google to poach your clients and make them its own clients), and my web search/web browsing habits are now being tracked in a personally identifiable way through this created link between my Griffith email, Google search and Google Analytics (the tracking scripts of which are installed all over the place).

In short, they have misused your customers’ data in a very alarming way.

———–
04/10/2001 next update, after an email basically advising me that Google changed stuff unilaterally and that’s all… (copy/paste)

as I said, the issue is not that I cannot access my other account – the issue is that I have a new Google search account at all (NOT apps, I mean I end up logged in to google.com while I am using the standard Google search feature; and, as you know, logging out does not delete the cookie but only changes the status to “logged out”). I haven’t investigated, but I guess I remain trackable all over the web through this cookie and Google Analytics scripts on millions of sites.

“In the past, Google Apps (@griffithuni.edu.au) accounts were cookied separately from Google Accounts (e.g. gmail.com)” – this was a correct behaviour.

“Your Google Apps account has undergone a transition, and now functions more like a full Google Account.” – this is overstepping the boundaries on the part of Google. Think of it as a “forced sale of a service” (the fact that it is “free” does not mean there is no price to pay – the price in this case is the user’s privacy, and Google make good money out of it through selling personalised ads on third-party sites).

Since I have no relationship with them but with you, I take the issue with you so you can then take it up with them as a corporate customer. As I said in my previous letter, you have outsourced a service with them and they are now poaching your clients and forcing additional services (at a cost to them – see above) with no opt out (not that it would make the practice acceptable, as services should be opt-in).

This entry was posted in Other stuff, Personal. Bookmark the permalink.

Leave a Reply