Privacy watchdogs from 10 countries (among them UK, France,
Germany, Israel, Canada, New Zealand) have
written to Google to protest
about the
company’s disregard for data protection laws. The letter
especially criticizes the way Google Buzz was introduced: "...we
are increasingly concerned that, too often, the privacy rights
of the world’s citizens are being forgotten as Google rolls out
new technological applications. We were disturbed by your
recent rollout of the Google Buzz social networking application,
which betrayed a disappointing disregard for fundamental privacy
norms and laws. Moreover, this was not the first time you have
failed to take adequate account of privacy considerations when
launching new services. ...
In essence, you took Google Mail (Gmail), a private, one-to-one
web-based e-mail service, and converted it into a social
networking service, raising concern among users that their
personal information was being disclosed. Google automatically
assigned users a network of “followers” from among people with
whom they corresponded most often on Gmail, without adequately
informing Gmail users about how this new service would work or
providing sufficient information to permit informed consent
decisions. This violated the fundamental principle that
individuals should be able to control the use of their personal
information. ...
It is unacceptable to roll out a product that unilaterally
renders personal information public, with the intention of
repairing problems later as they arise. Privacy cannot be
sidelined in the rush to introduce new technologies to online
audiences around the world..."
And how should Google behave in the future:
"We
therefore call on you, like all organisations entrusted with
people’s personal information, to incorporate fundamental
privacy principles directly into the design of new online
services. That means, at a minimum:
-
collecting and
processing only the minimum amount of personal information
necessary to achieve the identified purpose of the product
or service;
-
providing clear and
unambiguous information about how personal information will
be used to allow users to provide informed consent;
-
creating
privacy-protective default settings;
-
ensuring that privacy
control settings are prominent and easy to use;
-
ensuring that all
personal data is adequately protected, and
-
giving people simple
procedures for deleting their accounts and honouring their
requests in a timely way.
In addition to
respecting these broad principles, we also expect all
organisations to comply with relevant data protection and
privacy laws."