Google's new privacy policy, which was announced a month ago, has taken a new turn after Attorneys General (and other ranking legal officials) from 36 states and territories of the U.S. sent a letter, on Wednesday, to Google CEO, Larry Page, expressing concerns over the company's new unified privacy policy.

Under the new policy, scheduled to go into effect on March 1, the company will collect and compile information to create a profile of users based on their activity across all its various sites and tools including Google search, Gmail, Google+ and phones running on its Android operating system.

Below is the full text of the letter...

February 22, 2012

Mr. Larry Page

Chief Executive Officer

Google, Inc.

1600 Amphitheatre Parkway

Mountain View, CA 94043

Dear Mr. Page:

We, the undersigned Attorneys General, write to express our strong concerns with the new privacy policy that Google announced it will be adopting for all of its consumer products. Until now, users of Google's many products could use different products in different ways, expecting that information they provide for one product, such as YouTube, would not be synthesized with information they provide for another product, such as Gmail and Maps. The new policy forces these consumers to allow information across all of these products to be shared, without giving them the proper ability to opt out.

Google's new privacy policy is troubling for a number of reasons. On a fundamental level, the policy appears to invade consumer privacy by automatically sharing personal information consumers input into one Google product with all Google products. Consumers have diverse interests and concerns, and may want the information in their Web History to be kept separate from the information they exchange via Gmail. Likewise, consumers may be comfortable with Google knowing their Search queries but not with it knowing their whereabouts, yet the new privacy policy appears to give them no choice in the matter, further invading their privacy. It rings hollow to call their ability to exit the Google products ecosystem a "choice" in an Internet economy where the clear majority of all Internet users use - and frequently rely on - at least one Google product on a regular basis.

This invasion of privacy will be costly for many users to escape. For users who rely on Google products for their business - a use that Google has actively promoted(1)- avoiding this information sharing may mean moving their entire business over to different platforms, reprinting any business cards or letterhead that contained Gmail addresses, re-training employees on web-based sharing and calendar services, and more. The problem is compounded for the many federal, state, and local government agencies that have transitioned to Google Apps for 1- Government at the encouragement of your company, (2) and that now will need to spend taxpayer dollars determining how this change affects the security of their information and whether they need to switch to different platforms.

Even more troubling, this invasion of privacy is virtually impossible to escape for the nation's Android-powere smartphone users, who comprise nearly 50% of the national smartphone market.(3) For these consumers, avoiding Google's privacy policy change may mean buying an entirely new phone at great personal expense. No doubt many of these consumers bought an Android-powered phon in reliance on Google's existing privacy policy, which touted to these consumers that "We will not reduce your rights under this Privacy Policy without your explicit consent."(4) That promise appears not to be honored by the new privacy policy. Given the way the new privacy policy is being implemented, i.e., without genuine opt-out options and without pre-purchase notice to users of Android-power smartphones, it seems these users can only register non-consent by abandoning their phone altogether.

Those consumers who remain in the Google ecosystem may be making more of their personal information vulnerable to attack from hackers and identity thieves. Our offices litigate cases of identity fraud with regularity and it seems plain to us that Google's privacy policy changes, which suggest your company's intent to create richer personal data profiles, pose the risk of much more damaging cases of identity theft and fraud when that data is compromised, a risk that will grow as instances of computer hacking grow. With this newly consolidated bank of personal data, we foresee potentially more severe problems arising from any data breach.

We Attorneys General are also concerned that Google's new privacy policy goes against a respect for privacy that Google has carefully cultivated as a way to attract consumers. Google boasts that it puts a premium on offering users "meaningful and fine-grained choices over the use of their personal information," developing its products and services in ways that prevent personal information from being "held hostage."(5) It has made these and other privacy-respecting representations repeatedly over the years, and many consumers have chosen to use Google products over other products because of these representations. Now these same consumers are having their personal information "held hostage" within the Google ecosystem.

Your company claims that users of Google products will want their personal information shared in this way because doing so will enable your company to provide them with a "simple product experience that does what you need, when you want it to," among many other asserted benefits.6 If that were truly the case, consumers would not only decline to opt out of the new privacy policy, but would freely opt in if given the opportunity. Indeed, an "opt-in" option would better serve current users of Google products by enabling them to avoid subjecting themselves to the dramatically different privacy policy without their affirmative consent.


3 -Apple beat Google smartphones in U.S., Reuters, Jan. 25, 2012, available at:

4 -

5- (Principle 4).


Unfortunately, Google has not only failed to provide an "opt-in" option, but has failed to provide meaningful "opt-out" options as well.

We have reviewed your recently published letter to several members of Congress regarding your privacy policy change, as well as the letters recently sent to several attorneys general,and while we appreciate your efforts to inform elected officials and other members of the public, the letters have not allayed our concerns regarding the multiple issues discussed above. Indeed, they have raised as many questions as they have answered.

Given all of our serious concerns, and given our obligation to protect consumers within our states, we request to meet with you as soon as possible to work toward a solution that will best protect the privacy needs of those who use Google's products. We look forward to your response no later than Wednesday, February 29, 2012. If you have any questions regarding this letter, please contact Attorney General Douglas F. Gansler or Attorney General Robert McKenna.


Douglas F. Gansler, Maryland Attorney General

Rob McKenna, Washington Attorney General

Tom Horne, Arizona Attorney General

Dustin McDaniel, Arkansas Attorney General

Kamala Harris, California Attorney General

George Jepsen, Connecticut Attorney General

Joseph R. "Beau" Biden III, Delaware Attorney General

Irvin Nathan, Washington DC Attorney General

Lenny Rapadas, Guam Attorney General

Bruce B. Kim, Executive Director, Hawaii Office of Consumer protection

David Louie, Hawaii Attorney General

Lisa Madigan, Illinois Attorney General4

Greg Zoeller, Indiana Attorney General

Tom Miller, Iowa Attorney General

Derek Schmidt, Kansas Attorney General

Jack Conway, Kentucky Attorney General

William J. Schneider, Maine Attorney General

Martha Coakley, Massachusetts Attorney General

Bill Schuette, Michigan Attorney General

Lori Swanson, Minnesota Attorney General

Jim Hood, Mississippi Attorney General

Steve Bullock, Montana Attorney General

Michael Delaney, New Hampshire Attorney General

Gary King, New Mexico Attorney General

Eric Schneiderman, New York Attorney General

Roy Cooper, North Carolina Attorney General

Wayne Stenehjem, North Dakota Attorney General

Edward T. Buckingham, Northern Mariana Islands Attorney General

Linda L. Kelly, Pennsylvania Attorney General

Guillermo Somoza-Colombani, Puerto Rico Attorney General

Peter Kilmartin, Rhode Island Attorney General

Marty J. Jackley, South Dakota Attorney General

Robert E. Cooper, JR, Tennessee Attorney General

Greg Abbot, Texas Attorney General5

Mark Shurtleff, Utah Attorney General

William H. Sorrell, Vermont Attorney General

Vincent Frazer, Virgin Islands Attorney General

The State of Hawaii Office of Consumer Protection is an agency which is not part of the state Attorney General's Office, but which is statutorily authorized to undertake consumer protection functions, including legal representation of the State of Hawaii.

Here is the letter (PDF) from National Association of Attorneys General to Google CEO, Larry Page