Since APIs have broken into the technology world, they have been an integral part of online companies and websites. As Google has grown and extended into different apps and systems, its APIs have become one of the top systems to use and have access to.
- 1. What are Google's API Services?
- 2.1. What Type of Data is Collected
- 2.2. Why and How Data is Collected
- 2.3. Disclosure of Use of APIs
- 2.6. COPPA Disclosures
- 3. Summary
What are Google's API Services?
Google's API Services are included in an overall "authentication and authorization" process where online companies and websites can connect with Google customers so they can request and collect a Google user's data.
The Application Programming Interfaces (APIs) can include metrics and analytics on user demographics, software libraries, and data structures. Google APIs in particular, are multiple systems that collect and store their users' data. Outside parties may also use these APIs on their own sites to help improve functionality and usership.
Examples of Google's API Services include:
- Google Sign-In
- Google Maps
- Google Analytics
- Google Translate
One of the most common Google APIs is Google Sign-In. Many websites have options of signing up through a form, through your Facebook profile, or your Google profile to create an account.
eBay uses this option for its new users when they wish to create an account.
Offering options like this make it easier for users to sign up or sign in, which in turn helps businesses get more people who are willing to take the (shortened) time to create an account. You can see how this is a win-win for all parties.
Violation of the User Data Policy, or of Google's other policies, could put your company in jeopardy of being revoked from using the APIs.
- What type of data is collected
- Why and how data is collected
- Disclosure of use of APIs
- COPPA disclosure
Here's how Google says it:
What Type of Data is Collected
Take a look at Trilio's clause on what data it collects as an example of how specific a clause like this can be:
Microsoft is one of the largest computer operating systems. It uses multiple cookies and services to collect users' data to help create a better user experience. In its Privacy statement, it includes what data its collect for its metrics, including Google Analytics:
Dropbox doesn't explicitly mention Google, but it does mention "other service providers" which lets its users know that third party services, such as Google, may be in use and accessing personal data.
Why and How Data is Collected
- Why you are collecting the data
- What it is being used for
- How you are collecting the data
Your disclosures of how and why you collect the data must be clear and in simple enough language that the user can easily read and understand the reasons for the data collection.
In its clause about how it may use information it collects, Algolia separates out each reason use using bullet points with plain language. This helps to create a reader-friendly experience:
Remember to include as much information and be as detailed as possible, while still keeping things organized and easy to follow.
Disclosure of Use of APIs
Attempting to lie to your users or defraud them is strictly prohibited by Google. You must be forward and upfront with your users about the use of APIs and their data that is collected.
Websites that don't end up collecting very personal data (such as credit card numbers) still regularly use APIs. Dictionary.com for example is used to look up words and definitions for free, but it still uses Google Analytics to help analyze site statistics.
Note how Google Analytics is noted as well as linked to the clause so readers can easily find out more and have more specific information about the use of their information.
Even if your website doesn't collect any information aside from Google Analytics data, you'll still need to comply with Google's requirements and disclose this information appropriately.
- Start collecting additional data
- Start using new ways to collect data
- Start using more APIs
- Start using other services
Emails are one of the most efficient ways to update your users as the emails go directly to their inbox and you don't have to wait until the user accesses your site for them to accept.
Note that this method can be used for updates to other legal agreements such as the Terms of Service and Payment Terms as Airbnb has done above.
Google requires that your notifications not only be clear, but timely as well.
Providing pop-ups right away when a user visits your site for the first time or including a link and a notification in your sign-up form, like Bluehost does, would be considered timely as it is early on in a user's interaction with your site:
Finding the notification of a change in the middle of a long post would not be "in context," instead, including it in your footer or on a sidebar would be better.
Since Pinterest is a search engine for pictures and ideas, its site continues to scroll through thousands of examples. This means that putting the link in the footer wouldn't be ideal as there is no real end to the page. Instead, Pinterest includes its links in a drop-down menu on the side of the website:
- Sign-up forms
COPPA, or the Children's Online Privacy Protection Act, applies to websites or apps whose audience includes children under the age of 13. The act was created to protect the disclosure and usage of private data of children.
Google does allow companies to use Google services to collect information if your company's primary or mixed audience includes children. However, it limits what services may be used. Google does not allow Google Sign-In or data from Google Accounts to be used:
Epic Games states that it doesn't intentionally target children under 13 or collect personal information from children in its Children's Privacy clause that meets COPPA requirements:
On the other hand, you have Disney whose audience is largely made up of children. It has a longer and more in-depth policy that directly pertains to children:
APIs help websites create user-friendly experiences, analyze site performance and accomplish a number of other important functions. Google is one of the top suppliers of APIs and hundreds of companies use these systems to interact with users or provide some type of service.
Make sure you follow the below requirements to protect your company from being restricted from using Google's APIs:
- Disclose the data you collect
- Disclose how and why it is collected
- Disclose what APIs you use
- If your audience includes children, or could include children, include a COPPA disclosure