Building privacy and security that works for everyone

The Google Safety Engineering Center in Munich is a global hub for privacy and safety engineering. Engineers Wieland Holfelder and Stephan Micklitz explain how Google builds transparency and control into its products.

Wieland Holfelder was still living in the US when he received his acceptance letter for a new job at Google. He’d moved to Silicon Valley from Germany and had been working there for 12 years, for companies including Mercedes-Benz. In 2008, everything changed. Holfelder’s American friends and colleagues were excited about his new position and employer. But his future workplace wasn’t in Mountain View, California – it was in Munich, Germany. There, his news was often met with less enthusiasm. As well as the usual congratulatory messages, Holfelder also received occasional frowns and questioning looks from his German friends when he mentioned the name “Google.” But Holfelder knows how sensitive Europeans – and especially Germans – can be when it comes to their data.

Holfelder, the Site Lead for Google’s Engineering Center, is sitting in the Munich office’s canteen, which feels more like a restaurant with its tasteful décor and floor-to-ceiling windows. From the fragments of conversation that can be made out over the general buzz in the room, it’s clear that English is the lingua franca of Munich’s “Googlers.” And the Silicon Valley influence doesn’t end there – the brick building, which was opened in 2016, houses a fitness studio, coffee bar, billiard room, and library. Around 750 employees from all over the world work at this branch, most of whom are software developers. Their working hours often spill into the evening, as video conferences with colleagues at Google’s headquarters in Mountain View are only possible from early evening onwards.

The main goal is for users to have total transparency and control when it comes to how their data is used

And yet Google’s Munich operation still manages to feel very German – partly thanks to many playful details such as conference rooms designed to look like local subway stations, or classic Bavarian wood-paneled rooms. But for Holfelder, the most typically German thing about the site is what he proudly refers to as “our local advantage”: his Munich engineers. “Here in Munich,” explains Holfelder, “we’re building products and services for Google – and for users all over the world – in the area of data privacy.” The main goal is for users to have total transparency and control when it comes to how their data is used. And Germany is the ideal location for people to work on this task.

Director of Engineering Stephan Micklitz, who is responsible for the data privacy standards of Google’s products globally, also works at the Munich office. Having joined the team in 2007, he is one of the original Munich Googlers. It was Micklitz and his team that developed the original My Account service, which later became Google Account. This digital cockpit can be used by anyone who has an account with Google, as well as those who simply use Google’s search engine or YouTube. Google Account allows settings to be easily managed. Users can also run a Security Checkup to see how well their data is protected against an external attack, and use the Privacy Checkup to decide what personal information of theirs is stored on Google’s servers and what isn’t.

"Here in Munich, we’re building products and services for Google – and for users all over the world – in the area of data privacy."

Wieland Holfelder

“The idea was to create a central hub for all these sorts of questions,” says Micklitz. “We wanted to bundle answers onto two pages, together with all setting configuration options – but with a focus on the most important steps, so as not to overwhelm users.” Micklitz has just fetched a coffee from one of Google’s staff kitchenettes, known as “microkitchens,” where a six-foot-high fridge is kept fully stocked with drinks. The glass doors provide a clear view of the top two rows, which are filled with bottles of mineral water. The rest of the fridge’s contents are hidden behind frosted glass. First come the sparkling juices, then the regular juices, then finally the iced teas and unhealthy fizzy drinks on the bottom shelves. “We engineers don’t like leaving anything to chance,” says Micklitz.

Wieland Holfelder (right) is Vice President, Engineering at Google Germany. His colleague, Stephan Micklitz, has led Google’s global Privacy and Security team since 2010. This makes them the perfect contacts for anyone interested in finding out how the company handles data.

According to Holfelder and Micklitz, no other company in the industry is doing as much to protect its users’ data from online attacks. And it’s true that Google’s server infrastructure is considered one of the most secure in the world. The security system is complex and includes multiple levels. Data is stored in encrypted form in data centers around the world – facilities that resemble maximum-security prisons. “Even if someone in one of our biometrically protected data centers came across a hard drive containing your emails, they wouldn’t be able to do anything with it,” explains Holfelder. “All the information on it is distributed across various data centers – and it’s encrypted.” Plus, if hackers discover a weakness in Google’s interfaces or products despite all these measures, the company offers generous rewards in return for this information. It’s therefore more worthwhile for would-be cybercriminals to report a security vulnerability than to exploit it.

"The idea was to create a central hub for all questions related to privacy and security."

Stephan Micklitz

There are two particularly important messages to take away from the conversation with Holfelder and Micklitz. First, anyone who sets up an email account or uploads photos to the cloud with Google should know that all their messages and images are as secure as they could possibly be. Second, anyone who uses Google to search and surf the web can determine for themselves which data Google is allowed to collect and use. “Personally, I appreciate it when my cell phone gives me traffic updates and tells me, for example, that I have to leave now if I want to make my flight because there’s a traffic jam on the highway,” says Holfelder. “But everyone can decide for themselves whether or not to turn this function on.”

Google Chrome gingerbread hearts: rooms in the Google site in Munich have a playful, ironic feel.

The same is true of ads, which is how Google makes most of its money. Data can help make ads more relevant to you -- so that if you’re looking for a new grey sofa, you see ads that answer that need. Some people find this useful; others find it irritating. Micklitz explains that it’s possible to simply switch off this ad personalization feature. “Via Google Account, of course,” he adds. Users who turn this feature off will still see ads, but they will no longer be tailored to their interests. “We use data to make advertising more relevant to our users,” Holfelder chimes in. “But we don’t sell any personal data.”

Photographs: Myrzik & Jarisch


Learn how we keep more people safe online than anyone else in the world.

Learn more