Over two days during the summer of 2009, experts from inside and outside Google met to forge a roadmap for how the company would approach user privacy. At the time, Google was under fire[1] for its data collection practices and user tracking. The summit was designed to codify ways that users could feel more in control.
Engineer Amanda Walker, then in her third year at Google and now the company’s software engineering manager of privacy infrastructure, jotted down notes on a paper worksheet during one of the summit’s sessions. “HMW: Mitigate Impact of bad Gov’t + 3rd party requests,” she wrote, using shorthand for “how might we.” A few suggestions followed: “Discourage abusive requests. Make privacy measurable/surface rising threats. Industry wide.” It was the seed of what would eventually become Google’s suite of transparency reports that, among other things, disclose government requests for data.
It also was just one of several features the group brainstormed that summer that became a reality. An idea called “Persona management” became Chrome and Android profiles. “Universal preferences” became My Account and My Activity. And “Private search” turned into controls to be able to see, pause, and delete search queries and other activity.
Longtime Google employees remember the 2009 privacy summit as a turning point. “A lot of these were a lot more work than we anticipated at the time, but it’s reassuring to me that I think we got the big things right,” Walker says.
And yet, nearly a decade later, privacy controversies continue to plague Google. Just in recent months, the Associated Press revealed[2] that Google continued to store user location data on Android and iOS even when they paused collection in a privacy setting called Location History. At the end of September, Chrome had to