Google Privacy Policy

Drew Hodel


I’m a law student in an information privacy class and when Google alerted me: “New Really Really Important Privacy Policy.  Click here,” …I clicked… but definitely not ßthere.  My lack of bargaining power told me it wasn’t worth my time.  So instead, I signed in and began g-chatting with a friend…


Anonymous: Hey man.

Me:                  Hey.  Did you check out Google’s new privacy policy?


Anonymous:  No.

Anonymous:  You’re such a nerd.

Me:             I know.  I figure I’ll check it out later.


The problem is I’m not representing Google and I’m not representing its users.  I haven’t been hired to write anyone’s privacy policy, I’m definitely not switching to hotmail and if I use Microsoft my situation won’t change.  So when I tried reading the policy today, I struggled to get through the entire thing.  That’s just the truth but in case you were curious:


Here is a link to a good article discussing the new policy:


Here is a link to the new policy:


In any case, whether you think Google is moving in the right direction or not with this privacy policy can it serve as a legally binding contract between you and them and should it?

Google wants to create a “beautifully simple, intuitive user experience” by converting its more than 70 different privacy policies into 1, and I appreciate the thought, but it’s not always the thought that counts.  Substituting 70 individually convoluted policies with one convoluted policy does nothing to solve the convoluted part.  Moreover, no one reads the policies anyways.

On one hand these policies seem insufficient (in most cases) to constitute unilateral contracts:  The general rule in contracts cases is that “general statements of policy are not contractual.”  User’s lack of knowledge and reliance interests, making it difficult to say any offer was “accepted” in the traditional sense.  On the other hand: if these policies are simply meant to serve as warnings or notices, they’re clearly not getting that job done either.

All this set aside, the casebook points out that users do “regularly take advantage of” their privacy settings. (p. 819) So if google were to expose a user’s information more broadly than he set it in his privacy settings I believe the user would at least have a viable lawsuit under the theory of promissory estoppel and perhaps as a breach of a legally binding and bargained for contract.  In any case, I do not like the idea that privacy policy might represent a legally binding contract.  Google has unfair bargaining power and should not be able to take advantage of this by including terms that not favorable to customers in a legally binding contract.