- The Buzz on Google Buzz: Stoddart and Her Buddies Tackle Google
- May 14, 2010 | Author: Donald B. Johnston
- Law Firm: Aird & Berlis LLP - Toronto Office
Canada’s Privacy Commissioner, Jennifer Stoddart, and her privacy commissioner friends from France, Germany, Ireland, Israel, Italy, Holland, New Zealand (where is Old Zealand, anyway?), Spain and the United Kingdom have written an open letter to Google’s Chairman and CEO, Eric Schmidt.
I’ll bet they found out who he was by Googling him.
The letter starts off by applauding Google’s accomplishments and its willingness to discuss data protection. That was just to lull the unfortunate Mr. Schmidt into dropping his guard before lambasting him for rolling out Google Buzz and characterizing it as evidence of Google’s “... disappointing disregard for fundamental privacy norms and laws.”
Google Buzz is a new social networking application. It is built on Google’s wildly successful Gmail™ application. However, instead of allowing a user to communicate only on a one-to-one basis in the usual way of email, in its initial roll-out it automatically assigned users a network of “followers” - electronic homies, if you will - which included the people with whom the user normally corresponds by email.
You could imagine, for example, that Ms. Stoddart’s Google Buzz homies would include the privacy commissioners of, for example, France, Germany, Ireland, Israel, Italy, Holland, New Zealand, Spain and the United Kingdom.
The heartburn that the privacy commissioners suffered, as they explain in their letter, is that users were not adequately informed about how the Buzz service affected their privacy. As the letter puts it, “This violated the fundamental principle that individuals should be able to control the use of their personal information.”
The letter points out that Google did respond quickly to the “outrage” of users by making some software changes, providing better information about the service and asking users to reconfirm their privacy settings. However, Stoddart et al. are still concerned about how such an intrusive product could have been rolled out in the first place. The letter eloquently states, “It is unacceptable to roll out a product that unilaterally renders personal information public, with the intention of repairing problems later as they arise.”
Harsh words indeed.
The letter then goes on to upbraid Mr. Schmidt for the previous roll-out of Google Street View without consideration of privacy issues and “Cultural Norms.” (I imagine that Google ultimately blurred out face names only after receiving millions of complaints from people named “Norm.”)
Then, after flogging Mr. Schmidt publicly, the letter goes on to call upon Google, as an industry leader, “... to incorporate fundamental privacy principles directly into the design of new online services.” It goes on to say that this can be done by:
(a) collecting only the minimum personal information needed to provide the service;
(b) being clear about how the personal information will be used;
(c) using “default” settings that are protective of privacy;
(d) making sure that privacy control settings are prominent and easy to use;
(e) protecting all personal information; and
(f) making account deletion easy and timely.
Mr. Schmidt is probably still smarting after being publicly humiliated by no fewer than ten privacy commissioners. He may not even have known about the privacy issues until hearing about them the hard way.
It will be interesting to see how Google responds, if at all, to the letter. My advice to Google would be to write privately to each of the privacy commissioners, to gently chide them for needlessly “going public” and to say that Google has already been working on ways of bringing privacy impact assessments to the fore in all its business processes. He might also inquire as to whether any of their governments could use a little of his advice in getting their finances in order.