Google Inc., on Tuesday, was given a stern warning by an international group of privacy advocates spearheaded by the Privacy Commissioner of Canada.
Jennifer Stoddart played a key role in organizing privacy watchdogs from Canada, France, Germany, Israel, Italy, Ireland, the Netherlands, New Zealand, Spain and the United Kingdom. The group signed an open letter and held a press conference slamming Google Buzz privacy mishaps and threatened enforcement measures against online companies that disregarded privacy laws and norms.
“This group has come together to denounce the latest incident that shows wilful disregard for privacy in online services,” Stoddart said at the press conference. “We will continue to look at the possibility of audits and investigations as a group.”
Google displayed a “disappointing disregard for fundamental privacy norms and laws” when it launched its Google Buzz social networking service in February, the open letter to Google CEO Eric Schmidt states. Buzz essentially transformed Gmail’s private one-to-one communications service into a public service that revealed personal information without user consent. Buzz automatically revealed a user’s most common contacts, for example.
“There were some pretty obvious transgressions of Canadian privacy standards,” Stoddart said. “I can’t say they have broken the law, because that would require that I conduct an investigation.”
The letter demands a response from Google. The search giant will do that, but it’s not sure what form that will take just yet, according to Wendy Rozeluk, a spokesperson with Google Canada. The Mountain View, Calif.-based company was surprised to be the only company specifically targeted by the group of privacy authorities.
Google attempts to be as open and transparent as possible, Rozeluk says. It didn’t intentionally make anyone unhappy with Buzz, reacted quickly to change the product, and has continued to make improvements. Google offers users a Privacy Dashboard to allow easier control of personal information associated with their profiles.
Stoddart acknowledges that Google did react quickly after the public outcry about Buzz. “Google has recognized it made an error … the issue right now is not the state of Google Buzz. The question is how could you release something without understanding the privacy impact?”
The privacy authorities publicly calling out Google are reacting appropriately to a pattern of neglect for privacy, says John Lawford, a lawyer with Ottawa-based Public Interest Advocacy Centre.
“They are getting tired of dealing with Google or Facebook, having endless meetings with them, and then [seeing] companies do just what they want,” he says.
Google made a similar privacy flub when it launched Google Streetview in some countries, Stoddart says. Only after complaints did the company adjust its street-level mapping service to blur out faces and car licence plates.
“We want to send a strong message you can’t go on using people’s personal information to launch a new product,” Stoddart says. “Do your testing before and make sure it complies with privacy legislations.”
Google does believe in launching new tools quickly in beta and then adding features and improvements based on user feedback, Rozeluk says. But a team of privacy professionals guides development of Google products and the importance of privacy isn’t less for a beta product, she adds.
Privacy authorities are calling on Google to better follow several privacy practices outlined in the open letter. Google should collect and process only the minimum amount of personal information necessary and provide clear information on how it will be used, the letter says. Google should also create privacy-protective default settings and easy-to-use privacy tools.
“In our countries, personal information is personal, you can’t just deem it to be public,” Stoddart says. “It’s another example of egregious disregard for privacy.”
Canada’s Privacy Commissioner office launched its second investigation into Facebook Jan. 27. Last summer, the office conducted an investigation and demanded Facebook make several changes to its privacy policies and third-party application platform. Facebook committed to put those changes in place by Sept. 1.
The press conference had a tough tone as Stoddart was backed by European privacy leaders who promised action if this final warning wasn’t heeded.
“We don’t hesitate to use our powers to ensure the right to privacy when, and if, this last warning seems to be ignored,” says Jacob Kohnstamm, chairman of the group and a privacy advocate from The Netherlands. “The only way to avoid enforcement is compliance.”
Enforcement options in Canada include an investigation and possibly being taken to Federal Court, Stoddart says. Elsewhere, companies could face fines for failing to comply.
But the liklihood that would ever actually happen is low, Lawford says. The Privacy Commisioner isn’t funded well enough to pursue a Federal Court case and still carry out its other duties. A loss in court is also too risky a prospect.
“There’s no real ability for them to stop this, so they’re naming them and shaming them,” he says.
The group expects to hear Google’s plan to ensure privacy regulations are adhered to with future product launches, Stoddart says.
Google launches Government Requests tool
In a busy day for Google in the privacy department, the search giant also launched a Google Maps mash-up revealing all government requests for user data or removals during the latter half of 2009. Google plans to update the information in six-month increments.
“We already try to be as transparent as legally possible with respect to requests,” Google stated in an official blog post. “Whenever we can, we notify users about requests that may affect them personally.”
This is taking that a step further by breaking down the total number of requests by jurisdiction, Google adds. It also includes how many requests Google complied with.
Canada made 16 removal requests of Google between July and December 2009. Those included 12 YouTube videos, two groups, one Web search and one Blogger post. Google complied with 43 per cent of these requests.
Canada also made 41 data requests of Google over the same period.
Brazil was the country with the highest number of removal and data requests listed on the map, with 291 and 3,663 respectively. China’s label is only a red question mark because “Chinese officials consider censorship demands as state secrets,” according to the tool.
No African countries are labeled on the map, and many countries in the Middle East are also unaccounted for.
Follow Brian Jackson on Twitter.