Google's privacy woes have been largely exaggerated. The only two that are of actual control haven't gotten as much attention as they should have, perhaps. The first would be the Street View WiFi disaster, not necessarily the initial incident, but more recent developments like the fact that Google "forgot" to delete all of the data it said it deleted. The second foul play was the Safari cookie incident.
Both of those cases had more to do with teams doing things unsupervised or no one knowing who is supposed to be in charge. Which is why it's a good thing that Google is now putting together a "red team" to oversee all of its products and look for privacy and security flaws.
This team isn't designed to set policies or even enforce them, rather, its goal is to look at the entire Google infrastructure and see where information may leak out, where systems are poorly designed from a privacy or security point of view.
Google has a job announcement asking for a Data Privacy Engineer for the Privacy Red Team, which is how the existence of the team was discovered. The move is an encouraging one, even though Google probably still needs to do more, especially at a higher level.
"As a Data Privacy Engineer at Google you will help ensure that our products are designed to the highest standards and are operated in a manner that protects the privacy of our users. Specifically, you will work as member of our Privacy Red Team to independently identify, research, and help resolve potential privacy risks across all of our products, services, and business processes in place today," Google asks
in its job offering.
"Top candidates will have an intimate knowledge of the inner workings of modern web browsers and computer networks, enjoy analyzing software designs and implementations from both a privacy and security perspective, and will be recognized experts at discovering and prioritizing subtle, unusual, and emergent security flaws," it says.