You’ve probably received more than one email, notification, and social media link about Google’s upcoming privacy policy change, which is actually more of an alignment of their policies for more than 70 services into one big explainer. Even if Google could always track what you were doing between its services by tweaking individual policies, the new policy made it clear: entering data into one Google service meant it could be used with other services, to improve services (emphasized) and target advertising (mentioned).

The Web’s reaction? Quite strong, really, due in no small part to the policy change arriving very soon after Google gave priority placement to results from its own social network. Our own Mark Kaelin came down hard on the “evil” side constituency. To my eyes, the policy is mostly a simplification and condensation of the many policies Google already maintained across Gmail, Google search, YouTube, and other apps. There are some individual opt-outs, means to export your data, and, as many have pointed out, an easy universal opt-out: use another company’s services.

Google Apps

But here’s a big asterisk you should know about: Google’s universal privacy policy doesn’t apply to Google Apps as used by business, enterprise, and government customers. Vice President of Google Enterprise Amit Singh told The Next Web that Google Apps customers have separate contracts and privacy policies with Google, and that the “new Privacy Policy does not change our contractual agreements, which have always superseded Google’s Privacy Policy for enterprise customers.” Which makes sense, at a base level. As Ars Technica puts it, Google’s individual web users don’t pay anything for use of Gmail, Docs, and other tools, while Apps’ paying customers are footing the cost of bandwidth, server space, and development (or, presumably, at least a good chunk of it).

Then again, representatives with watchdog organization SafeGov.org say Google’s stated intentions don’t jibe with their written policies. SafeGov’s Jeff Gould told PCWorld that governmental Apps contracts “says the opposite of what they say,” and that Google’s different Apps and privacy divisions are “confused and not in touch with each other.” That’s a charge that sticks pretty easily to Google these days.

Meanwhile, U.S. Reps. Ed Markey (D-Mass.) and Joe Barton (R-Tex.) have sent a letter to the Federal Trade Commission, asking it to look into whether Google’s new policy move, lacking individual service opt-outs, violates the company’s settlement with the FTC over its misguided Buzz rollout. Google’s response, at least for individual users, centers around the fact that many, if not most, Google services can be used without signing into a Google account, and that account holders will know how their data is being used and how to extract it.

In trying to track down and sort through Google’s specific privacy policy for Apps users, one encounters at least some indications of left-hand-versus-right-hand confusion. The Enterprise Privacy Center is broad and general, and includes a link to what seems like an Apps-specific policy. But click on it, and you arrive at this seemingly outdated privacy notice, which mainly gets across that an Apps administrator can look at all a users’ privacy, and that more information is available at the general privacy policy – the policy updating on March 1 amidst all this discussion. Inside that simplified policy, Apps users are asked to contact their domain administrator to determine that domain’s own privacy standards. That policy also links to the 2008 one-page document that ends with this wide-open line: “Google’s other use of your information is governed by the Google Privacy Policy and the applicable specific services privacy policies.”

If you’re a Google Apps administrator, have you been able to pin down what data generated by your users Google can use, and how? Share your thoughts in the comments.

Also read: