'Our partners'
“Google recently added ‘and our partners’ to the set of entities that may collect anonymous identifiers. However, Google did not inform about what type of entities these partners are and how they will use the collected data,”
This is the bit that really gets me, unbearable smugness of 'partners' aside. I've pretty much made my peace with Google doing whatever with my data; I use gmail via pop and their search, use just about every privacy addon going, and most importantly ABP, so their chances of utilising that data to pimp me web ads I might click on is close to zero. I don't even mind especially if they offer services to others that leverage the data they have, provided the data itself remains in one named place, i.e. google.
Opening the doors to third parties, for a fee, to access that same data in the raw however is a class apart, and one I really, really take offence to, especially when what they doing with it and who they are is not explicitly stated. If companies like google want to stick to wording like 'partners' without adding detail, they should be obliged to provide ironclad opt outs from that data being passed on, because I am given (as intended) no way to make a meaningful assessment of whether I would be happy with the arrangement. In principle, my attitude to providing data to those I have no dealings with is invariably no, period. Its not just google. The recent issue of NHS data sharing would hava been largely unproblematic for me if they'd just left it at "share with your GP, hospital etc". The minute they introduced the idea of profit making third parties benefitting, it was a categorical 'no' for me, because I just don't believe for a second that the benefits to the NHS through research by private enterprise would ever be proportional to the value to profit making pharmaceutical businesses already seen as rapaciously greedy, and known to have dubious ethics.
The use of data just isn't going to go down and its imperative NOW to nail down the principle of who gets access to what, and in what circumstances if any the default should be 'access allowed'.
The principles of data protection in europe are good at the most absolutely basic level - your data is yours to give or withdraw. Its just that everything below that, or that springs from it, fails miserably; regulation, enforcement, transparency are all lametable and there seems no will to fix them. But worse by far is the lack of undertstanding by politicians and bureacrats, both for now and the future, of the implications of what that basic statement "your data is yours" even means. It currently seems they proudly proclaim their belief in data protection, then smile benevolently as businesses mine, exploit and abuse our privacy as if they were reenacting the 1849 gold rush, without any clear idea of what if any rights or redress we have in practice.
The one thing I see to be optimistic about for the near future is the considerable number of extremely smart people attempting to devise technical solutions to allow us to better protect and distribute our own data in a manner of our choosing, and with our informed consent if sharing it. You simply can't dismiss the importance of policy entirely, but its one of those things fortunately where the application of vast sums of money does not always guarantee you what you want, and low cost, easy to use technologies would at least leave less for the policymakers to misunderstand and fuck up, and perhaps force companies to rethink their approach to how they obtain, use/misuse and sell users data.