ITAM Practices Empower Comprehension Of and Compliance With Contractual URLs

Sundar Pichai, the CEO of Google, testified before the House Judiciary Committee on Capitol Hill December 11, 2018. Pichai responded to questions on a variety of topics including Google’s practices and policies regarding user privacy, specifically concerning how much data Google collects from its users and why.

When a user creates a Google account, he or she is asked for personal information including their last name, birthday, gender, and optional private information such as a phone number or recovery email address. These questions are listed beside an icon above the statement “Your personal info is private & safe.”

After entering all of the above information the user moves on to the “Privacy and Terms” portion which reads, “To create a Google Account, you’ll need to agree to the Terms of Service below.” The text goes on to explain several points about the data processed. Most notably, that Google stores the following:

  • Gmail messages
  • YouTube video comments
  • Location

The content goes on to explain, “Why we process it.” Reasons include:

  • “help our services deliver more useful, customized content,”
  • “deliver personalized ads,”

The last paragraph, “You’re in control,” emphasizes that the user can control how Google collects and uses data. Those additional options are located below the Privacy and Terms.

One of the statements absent from the initial summary of the Privacy and Terms is the following located under the far more detailed “We may modify these terms or any additional terms that apply to a Service to, for example, reflect changes to the law or changes to our Services. You should look at the terms regularly.”

IT Asset Managers struggle with Google’s warning to refer back to Terms and Conditions on a regular basis to avoid precisely what the statement admits: terms of Google and many other websites can be modified at any time without notifying its users. Those same users are notorious for not reading the Terms and Conditions in the first place and an even smaller minority is likely to return to the rules. This is especially true when those rules are difficult to locate on the site or seemingly hidden amongst other statements.

These statements are called contractual URLs. They are contracts located on a specific subsite of a business’ website. These are contracts that users rarely if ever know about.

For businesses and other organizations this is an especially dangerous obstacle. Contractual URLs may determine how you interact with the website, how much you pay, how you pay, what can be changed and more at any point in time. There are consequences for noncompliance with these URL contracts whether that noncompliance is accidental or not.

Fortunately, IT Asset Managers are positioned to locate, comprehend, and follow up with license agreements. This includes contractual URLs. License management is an ITAM specialty. ITAM specializes in managing software licenses that are signed agreements. These licenses are often negotiated and agreed upon by the business as well as the service provider. These unsigned, un-negotiated, oftentimes unknown contractual URLs don’t require signatures and yet are still valid and enforceable. Organizations need a mature and robust IT Asset Management program to stay up to date and even a step ahead of the contractual URLs.

Google users have the option to turn their settings on and off. They can decide whether or not they want their location monitored, their ads customized, or their phone number revealed. However, they do not have the option to receive immediate updates when there are “non-material” changes made to the contracts they are required to obey. Doug Collins, a Republican from Georgia and the leader of the Judiciary Committee, made a point to Sundar Pichai in the December 11th meeting that Google has updated its privacy policies 28 times since January 2016. It is unclear how many of those changes were communicated to the users and how many went unnoticed.

What is the next step for organizations affected by contractual URLs? The way forward is with a trained IT Asset Management program managed by professionals familiar with license management and the impact of contract URLs. IT asset managers will continue to fulfill a significant role within organizations and maintain their compliance regardless of size, industry, or location.

Investigating Google’s Tracking Capabilities, Fox & Friends, 12 Dec.  2018,
Congress Grills Google CEO on Data Collection, CNN Business, 12 Dec.  2018,


International Association of Information Technology Asset Managers

The International Association of Information Technology Asset Managers, Inc., is the professional association for individuals and organizations involved in any aspect of IT Asset Management, Software Asset Management (SAM), Hardware Asset Management, Mobile Asset Management, IT Asset Disposition and the lifecycle processes supporting IT Asset Management in organizations and industry across the globe. IAITAM certifications are the only IT Asset Management certifications that are recognized worldwide. For more information, visit