Privacy advocates from 10 countries, including New Zealand,have rebuked Google for invasions of privacy, such as those highlighted by itsBuzz social networking tool, and Google Maps.
The Buzz add-on to Google Mail caused an outcry after it wasfound that it automatically assigned users a network of "followers"from among people with whom they corresponded most frequently on Gmail. Userswere not adequately informed about how this new service would work or providedwith sufficient information to allow informed consent. Google later added anopt-out function and apologised to Gmail users.
A letter, drafted by Jennifer Stoddart, PrivacyCommissioner of Canada, and signed by other official advocates including herNew Zealand counterpart Marie Shroff, was addressed to Google CEO Eric Schmidt.
It said: “We are increasingly concerned that, too often, the privacyrights of the world’s citizens are being forgotten as Google rolls out newtechnological applications. We were disturbed by your recent rolloutof the Google Buzz social networking application, which betrayed adisappointing disregard for fundamental privacy norms and laws. Moreover, thiswas not the first time you have failed to take adequate account of privacyconsiderations when launching new services.
“While your company addressed the most privacy-intrusiveaspects of Google Buzz in the wake of this public protest and most recently(April 5, 2010) you asked all users to reconfirm their privacy settings, weremain extremely concerned about how a product with such significant privacyissues was launched in the first place. We would have expected a company ofyour stature to set a better example. Launching a product in “beta” form is nota substitute for ensuring that new services comply with fair informationprinciples before they are introduced.
“It is unacceptableto roll out a product that unilaterally renders personal information public,with the intention of repairing problems later as they arise. Privacy cannot besidelined in the rush to introduce new technologies to online audiences aroundthe world.
“Unfortunately, Google Buzz is not an isolated case. GoogleStreet View was launched in some countries without due consideration of privacyand data protection laws and cultural norms. In that instance, you addressedprivacy concerns related to such matters as the retention of unblurred facialimages only after the fact, and there is continued concern about the adequacyof the information you provide before the images are captured.
“We recognise that Google is not the only online companywith a history of introducing services without due regard for the privacy ofits users. As a leader in the online world, we hope that your company will setan example for others to follow.
“We therefore call on you, like all organisations entrustedwith people’s personal information, to incorporate fundamental privacyprinciples directly into the design of new online services. That means, at aminimum:
- Collecting and processing only the minimum amount ofpersonal information necessary to achieve the identified purpose of the productor service;
- Providing clear and unambiguous information about howpersonal information will be used to allow users to provide informed consent;
- Creating privacy-protective default settings;
- Ensuring that privacy control settings are prominent andeasy to use;
- Ensuring that all personal data is adequately protected, and
- Giving people simple procedures for deleting their accountsand honouring their requests in a timely way.