> While Google is not admitting any fault as part of the settlement, the company did agree to several other terms in addition to paying $93m. Those conditions include being more transparent about its location tracking practices; notifying users before location information is used to build ad profiles to target specific people; and getting approval from Google’s internal privacy working group before making any material changes to privacy.
That last line is oddly reminiscent of the government delegating safety audits to the airplane manufacturers themselves.
> is used to build ad profiles to target specific people
I was wondering how they'd comply for logged out users. I'll bet the phrase "specific people" explicitly excludes pseudonymous profiles (which are trivial to de-anonymize) and explicitly allows them to use clustering algorithms with arbitrarily fine granularity. ("This isn't a profile for a specific user. It's a cluster that could contain an arbitrary number users. It currently only contains one, but that's bound to happen, given the number of clusters...")
Yeah, but it makes me wonder if an internal privacy working group already existed, and they weren't approving changes in privacy rules, what were they actually doing?
It's not as if privacy teams are reviewing each code change at Google. The teams making changes are generally responsible for knowing if and when to seek out approval/advice.
That last line is oddly reminiscent of the government delegating safety audits to the airplane manufacturers themselves.