
> Length of data store: under what circumstances is what data stored, performance data, explicit user data, all data, some subset of personal information, access logs, and for how long?

Note that everything in the article is about personal information. It's an obvious question to say "Do you store personal information for more than X months?". It's also very straightforward to say that "If you say you delete all personal information after X months, but store some subset of personal information indefinitely, you are lying."

> whether or not data is shared with law enforcement when not legally required: Nearly impossible to verify, and even if it was verifiable, very hard to stop,

So what? It's "very hard to stop" any privacy violation. Google could turn around and sell every single bit of data they've gathered about you, and there is nothing you can do to stop them. The whole point of privacy laws is to provide a deterrent to such activity and to provide recourse for those who have been wronged by it.

Similar to how the law doesn't stop burglary from happening, instead it provides a deterrent to burglary and an avenue of recourse for those who have been burgled.

Being "very hard to stop" isn't relevant.



> It's an obvious question to say "Do you store personal information for more than X months?"

Still, the question is: what exactly qualifies as "personal information"? Many seemingly irrelevant things can be used to identify you: login IP addresses, session IDs, login frequency. It's a term with holes the size of Montana.

> Being "very hard to stop" isn't relevant.

I will concede this point, but uncovering cooperation can be a near impossibility.


> Still, the question is: what exactly qualifies as "personal information"? Many seemingly irrelevant things can be used to identify you: login IP addresses, session IDs, login frequency. It's a term with holes the size of Montana.

"Personally identifiable information" is not some nebulous term that means whatever the writer wants it to mean; it has a pretty strict legal meaning.

"Information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual".


> when combined with other personal or identifying information which is linked or linkable to a specific individual

Take a look into data de-anonymization techniques; this can encompass basically any stored information at all. This is not at all a clear issue.

(PDF warnings)

http://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf

http://iseclab.org/papers/sonda-tr.pdf
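The point of the comment above is that fields which look operational rather than personal (a login IP, a browser string, how often someone logs in) combine into a fingerprint. The following is an added example, not code from the thread or the linked papers: it runs a k-anonymity style count over a constructed set of records (documentation IP ranges, made-up users, no names) to measure how many users those "irrelevant" fields single out, and then shows how coarsening the fields (IP to a /24, login frequency to a bucket) raises the minimum group size. The field names, bucket thresholds and `RECORDS` contents are all assumptions made for the example; the check is the kind of risk assessment that decides whether a retention policy really needs to treat such data as personal information.

```python
"""Added example (not from the thread): k-anonymity style check showing how
seemingly non-personal operational fields combine into an identifier."""
import ipaddress
from collections import Counter

# Constructed sample records: documentation IP ranges and made-up user ids.
# No names or e-mail addresses, only the kind of data the comment calls "irrelevant".
RECORDS = [
    {"user": "u1", "login_ip": "203.0.113.5", "browser": "Firefox", "logins_per_week": 12},
    {"user": "u2", "login_ip": "203.0.113.7", "browser": "Firefox", "logins_per_week": 12},
    {"user": "u3", "login_ip": "203.0.113.9", "browser": "Firefox", "logins_per_week": 15},
    {"user": "u4", "login_ip": "198.51.100.2", "browser": "Chrome", "logins_per_week": 3},
    {"user": "u5", "login_ip": "198.51.100.2", "browser": "Chrome", "logins_per_week": 3},
    {"user": "u6", "login_ip": "198.51.100.3", "browser": "Chrome", "logins_per_week": 4},
    {"user": "u7", "login_ip": "192.0.2.10", "browser": "Chrome", "logins_per_week": 3},
    {"user": "u8", "login_ip": "192.0.2.11", "browser": "Chrome", "logins_per_week": 4},
]

# Quasi-identifiers: fields that are not "personal" on their own (assumed set).
QUASI_IDS = ("login_ip", "browser", "logins_per_week")


def key_of(record, quasi_ids):
    """The combination of quasi-identifier values for one record."""
    return tuple(record[q] for q in quasi_ids)


def group_sizes(records, quasi_ids):
    """How many records share each quasi-identifier combination."""
    return Counter(key_of(r, quasi_ids) for r in records)


def k_anonymity(records, quasi_ids):
    """Smallest equivalence class; k == 1 means someone is uniquely identified."""
    return min(group_sizes(records, quasi_ids).values())


def uniquely_identified(records, quasi_ids):
    """Users whose quasi-identifier combination matches no other record."""
    sizes = group_sizes(records, quasi_ids)
    return sorted(r["user"] for r in records if sizes[key_of(r, quasi_ids)] == 1)


def reidentification_rate(records, quasi_ids):
    """Fraction of users singled out by the quasi-identifiers alone."""
    return len(uniquely_identified(records, quasi_ids)) / len(records)


def generalize(record):
    """Coarsen the quasi-identifiers: IP to its /24, frequency to a bucket.

    Thresholds (assumed): fewer than 5 logins/week is 'low', up to 20 is 'mid'.
    """
    net = ipaddress.ip_network(f"{record['login_ip']}/24", strict=False)
    n = record["logins_per_week"]
    bucket = "low" if n < 5 else "mid" if n <= 20 else "high"
    return {**record, "login_ip": str(net), "logins_per_week": bucket}


def generalized(records):
    """Apply generalize() to every record."""
    return [generalize(r) for r in records]


if __name__ == "__main__":
    for label, data in (("raw", RECORDS), ("generalized", generalized(RECORDS))):
        print(f"{label}: k={k_anonymity(data, QUASI_IDS)}, "
              f"unique={uniquely_identified(data, QUASI_IDS)}, "
              f"rate={reidentification_rate(data, QUASI_IDS):.2f}")
```

On the raw records the minimum group size is 1 and six of the eight users are singled out without any name being stored; after generalization every combination is shared by at least two users. Whether the remaining groups are large enough is a policy decision, but the measurement is what turns "is a login IP personal information?" from a definitional argument into a number.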

