Privacy advocates from 10 countries, including New Zealand,
have rebuked Google for invasions of privacy, such as those highlighted by its
Buzz social networking tool, and Google Maps.
The Buzz add-on to Google Mail caused an outcry after it was
found that it automatically assigned users a network of "followers"
from among people with whom they corresponded most frequently on Gmail. Users
were not adequately informed about how this new service would work or provided
with sufficient information to allow informed consent. Google later added an
opt-out function and apologised to Gmail users.
A letter, drafted by Jennifer Stoddart, Privacy
Commissioner of Canada, and signed by other official advocates including her
New Zealand counterpart Marie Shroff, was addressed to Google CEO Eric Schmidt.
It said: “We are increasingly concerned that, too often, the privacy
rights of the world’s citizens are being forgotten as Google rolls out new
technological applications. We were disturbed by your recent rollout
of the Google Buzz social networking application, which betrayed a
disappointing disregard for fundamental privacy norms and laws. Moreover, this
was not the first time you have failed to take adequate account of privacy
considerations when launching new services.
“While your company addressed the most privacy-intrusive
aspects of Google Buzz in the wake of this public protest and most recently
(April 5, 2010) you asked all users to reconfirm their privacy settings, we
remain extremely concerned about how a product with such significant privacy
issues was launched in the first place. We would have expected a company of
your stature to set a better example. Launching a product in “beta” form is not
a substitute for ensuring that new services comply with fair information
principles before they are introduced.
“It is unacceptable
to roll out a product that unilaterally renders personal information public,
with the intention of repairing problems later as they arise. Privacy cannot be
sidelined in the rush to introduce new technologies to online audiences around
“Unfortunately, Google Buzz is not an isolated case. Google
Street View was launched in some countries without due consideration of privacy
and data protection laws and cultural norms. In that instance, you addressed
privacy concerns related to such matters as the retention of unblurred facial
images only after the fact, and there is continued concern about the adequacy
of the information you provide before the images are captured.
“We recognise that Google is not the only online company
with a history of introducing services without due regard for the privacy of
its users. As a leader in the online world, we hope that your company will set
an example for others to follow.
“We therefore call on you, like all organisations entrusted
with people’s personal information, to incorporate fundamental privacy
principles directly into the design of new online services. That means, at a
- Collecting and processing only the minimum amount of
personal information necessary to achieve the identified purpose of the product
- Providing clear and unambiguous information about how
personal information will be used to allow users to provide informed consent;
- Creating privacy-protective default settings;
- Ensuring that privacy control settings are prominent and
easy to use;
- Ensuring that all personal data is adequately protected, and
- Giving people simple procedures for deleting their accounts
and honouring their requests in a timely way.
expect all organisations to comply with relevant data protection and privacy
laws. These laws apply online, just as they do in the physical world. As well,
we encourage organisations to engage with data protection authorities when
developing services with significant implications for privacy.”