HomeIntelligenceBrief
BREACH BRIEF🟢 Low Advisory

Google Introduces Granular Privacy Controls for Search Services and Play, Expanding User Choice Over Activity History

Google rolled out new settings that separate Search Services History from Personalized Recommendations, giving users finer control over saved activity and media. The change highlights the need for organizations to align consent and DSAR processes with evolving privacy expectations.

LiveThreat™ Intelligence · 📅 June 25, 2026· 📰 bleepingcomputer.com
🟢
Severity
Low
AD
Type
Advisory
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
4 recommended
📰
Source
bleepingcomputer.com

Google Introduces Granular Privacy Controls for Search Services and Play, Expanding User Choice Over Activity History

What Happened — Google announced new privacy settings that separate “Search Services History” and “Personalized Recommendations” from the legacy “Web & App Activity” control. The changes affect Search, Maps, Shopping, Hotels, Flights, Translate, News, and Google Play, letting users decide whether their activity—including images, audio, and video—is saved or used for personalization.

Why It Matters for Compliance & Audit Readiness

  • The rollout illustrates how a large platform operationalizes GDPR/CCPA‑required data‑subject controls (right to access, rectification, erasure, and consent withdrawal).
  • Continuous‑compliance programs must be able to evidence that such granular controls are offered, communicated, and that user choices are respected in processing logs.
  • Verisq’s CookiePLUS privacy capability can map Google’s new settings to your own consent‑management and DSAR processes, providing audit‑ready evidence of compliance.

Who Is Affected — Consumer‑facing tech companies, SaaS platforms, and any organization that processes user activity data for personalization across web, mobile, or app ecosystems.

Recommended Actions

  • Review your privacy‑notice and consent flows to ensure they mirror the granularity Google now provides (separate history vs. recommendation toggles).
  • Update internal data‑processing inventories to capture the new categories of saved media (images, audio, video) and map them to GDPR/CCPA lawful bases.
  • Validate that your DSAR procedures can locate and delete data based on the newly segmented controls.
  • Document the control change in your SOC 2 Trust Services Criteria (CC1 – Confidentiality, CC5 – Privacy) and retain evidence of user‑choice logs.

Source: BleepingComputer – Google releases new privacy controls for activity history, personalization

Technical Notes

  • No new vulnerability disclosed; the change is a product‑feature update.
  • Affected services: Google Search, Maps, Shopping, Hotels, Flights, Translate, News, and Google Play.
  • New controls: “Search Services History” (activity logging) and “Personalized Recommendations” (algorithmic tailoring).
  • Media types now explicitly covered: images, files, audio, video captured via Lens or other interactive search features.
📰 Original Source
https://www.bleepingcomputer.com/news/google/google-releases-new-privacy-controls-for-activity-history-personalization/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · PrivacyOps · CookiePLUS

Data exposure is where consent and DSAR readiness get tested.

When personal data leaks, regulators ask what consent you held and how fast you can answer a subject request. The Verisq AI Trust Operations platform, with CookiePLUS, keeps that posture audit-ready under GDPR and CCPA.

Explore the Verisq AI Trust Operations platform →