Friday, 10 September 2010

Google to talk on privacy by design - ironic after Buzz, StreetView etc?

You can register to attend a tech talk by Google Privacy Product Manager Yariv Adan, entitled "Designing Privacy as a Product" if you're in Brussels on Mon 27 Sept 2010. They're even providing lunch. The Google blog post says:

Google has a whole group of engineers and product managers solely focused on developing innovative privacy features. Do you want to get an insider’s view into this team and the industry leading products they launched? What are the goals and principles leading their work? How do they "design for privacy"? How do they get users engaged? What are the challenges they face?...

Yariv has spent three years focused on building innovative products that protect both your privacy and your data, and will provide his insights into the goals and challenges we face as a company today.

If you're not a Brussels resident (is there a word for that, like Londoner? I dare not suggest the S word) and you can't flit over there, no doubt Google will be recording the talk. If so, I'll post the video as soon as I know the link.

Google has recently settled, to the tune of US$8.5 million for privacy advocates / educators, plus promises to help educate users on privacy, class action litigation by US Gmail users over Buzz, which exposed to the world Gmail users' "top" contacts (in Google's automated opinion) and other info users expected to be private, like what RSS feeds they subscribe to. (See the Buzz settlement agreement terms.)

And Google is under privacy regulators' microscopes in various countries in relation to the collection of people's wifi data by Street View vehicles (on which I plan to blog more anon).

So any focus on privacy by design / privacy enhancing technologies is welcome, but one can't help thinking that it would behove Google to make these kinds of talks compulsory internally too, and - even more to the point - to overhaul their internal procedures and processes relating to the public rollout of new products / services or updates in order to ensure compliance with privacy and data protection requirements.

As LightBlueTouchPaper pointed out, a compulsory internal compliance / privacy testing review before Buzz's launch would have caught the problem.

The Google Buzz fiasco was partly a product design issue, true (it seems they didn't think through the implications). But it was also partly caused by Google's failure to test Buzz externally, even within a limited group, before its public launch (see BBC, Forrester).

Perhaps this talk is a sign that Google are starting to change their "pay for services with privacy; personal information needn't be private" culture - but a lot more surely remains to be done on that front.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.