Privacy and data protection regulators from Canada, France, Germany, Ireland, Israel, Italy, Netherlands, New Zealand, Spain and UK sent Google a joint letter yesterday, 19 April 2010, expressing their concerns.
They told Google that they were "disturbed by your [i.e. Google's] recent rollout of the Google Buzz social networking application, which betrayed a disappointing disregard for fundamental privacy norms and laws. Moreover, this was not the first time you have failed to take adequate account of privacy considerations when launching new services."
They also said they "remain extremely concerned about how a product with such significant privacy issues was launched in the first place. We would have expected a company of your stature to set a better example. Launching a product in “beta” form is not a substitute for ensuring that new services comply with fair information principles before they are introduced.
It is unacceptable to roll out a product that unilaterally renders personal information public, with the intention of repairing problems later as they arise. Privacy cannot be sidelined in the rush to introduce new technologies to online audiences around the world.
Unfortunately, Google Buzz is not an isolated case. Google Street View was launched in some countries without due consideration of privacy and data protection laws and cultural norms."
The privacy authorities have called on Google to incorporate privacy principles into the design of new services, at a minimum:
- collecting and processing only the minimum amount of personal information necessary to achieve the identified purpose of the product or service;
- providing clear and unambiguous information about how personal information will be used to allow users to provide informed consent;
- creating privacy-protective default settings;
- ensuring that privacy control settings are prominent and easy to use;
- ensuring that all personal data is adequately protected; and
- giving people simple procedures for deleting their accounts and honouring their requests in a timely way.
And they've asked Google for "a response indicating how Google will ensure that privacy and data protection requirements are met before the launch of future products."
Now Google published their "privacy principles" back in Jan 2010 (complete with YouTube video). Here they are, if you care to compare them with the above (just in outline, see the principles for their detailed notes, though some might question to what extent item 1 is a "privacy principle"!):
- Use information to provide our users with valuable products and services.
- Develop products that reflect strong privacy standards and practices.
- Make the collection of personal information transparent.
- Give users meaningful choices to protect their privacy.
- Be a responsible steward of the information we hold.
Good noises, but it looks like the focus has to be on the implementation in practice.
It certainly seems Google have latterly become more aware of the importance of being (or appearing to be) privacy-friendly, as witness their letter to the US FTC about Google's commitment to transparency etc etc - coincidentally or not, sent the same day as the privacy chiefs' joint letter. (Side comment - oddly enough, Google posted the letter on Scribd rather than Google Docs. I've also noticed other Google info posted on Scribd recently. AFAIK Google haven't acquired Scribd - yet? Should one invest in Scribd??)
Back on topic, amusingly enough I found that a Google blog post "privacy protections are good for our..." does not exist! More precisely, my Google Reader feed showed an item for a Google blog post (about a Forbes article and presentation regarding "how privacy is something we think about everyday because it’s good for our users and critical for our business"), but clicking the link in the feed led to the following -
I suspect the poster deleted and reposted their blog but it's not updated on Reader yet! That blog post is actually here.
©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.