Probably not as big as is made out. Last month, Privacy International released a survey called A Race to the Bottom (privacyinternational.org) in which Google came last among a selection of large internet companies and was dubbed "hostile to privacy".
Meanwhile, the US Federal Trade Commission continues to investigate Google's proposed acquisition of DoubleClick, an online advertising agency that tracks user's browsing habits in order to serve up targeted ads.
Last week, Google announced it will shorten the lifetime of the cookies it leaves on users' systems to two years (formerly expiring in 2038) and will anonymise user logs after 18 months. However, these initiatives are essentially meaningless. The cookies will be renewed any time a user uses a Google service: Gmail, Blogger, Google Earth, Google Checkout, YouTube, Orkut.
Google has claimed it needs to retain user data under the EU's data retention rules, but it's not clear that this is actually correct. There is no doubt that Google's size and market position, its reliance on advertising for revenues and the breadth of its very popular services means that it is in a position to amass large quantities of user data.
There is also no doubt that all that data can be assembled into comprehensive datagrams of specific individuals. There are many things Google could do that would improve users' control over their privacy. It could offer the option to view and delete Google cookies and logs. It could offer anonymous browsing, an option it has ruled out. It could change the way it saves user preferences.
On the other hand, as far as anyone knows, Google has yet to do anything bad with those masses of data. And shouldn't the company actually commit the crime before we punish it?
No responsibility can be taken for the content of external Internet sites.