Information and privacy commissioners from the UK, France, Germany, Israel, Italy, Ireland, Netherlands, New Zealand, Spain and Canada have written to Google to express their concerns about privacy issues related to Google Buzz.
The open letter to Google CEO Eric Schmidt claims that it is ‘disturbed by your recent rollout of the Google Buzz social networking application', which they state shows a disappointing disregard for fundamental privacy norms and laws.
Buzz, launched earlier this year to combine functionality similar to social networking sites and instant messenger solutions, is built into Gmail and adds ‘friends' from regular contacts.
However initial criticism came from users who could not control who was added to the lists. Google responded by making a checkbox more prominent and not connecting a user's public Picasa web albums and Google Reader shared items automatically.
It further revamped the service this month to suggest people to follow instead. However this has not met with the approval of the likes of the UK information commissioner, Christopher Graham, and Jennifer Stoddart, privacy commissioner of Canada.
They claimed that Buzz ‘violated the fundamental principle that individuals should be able to control the use of their personal information'.
The letter said: “Users instantly recognised the threat to their privacy and the security of their personal information, and were understandably outraged. To your credit, Google apologised and moved quickly to stem the damage.
“While your company addressed the most privacy-intrusive aspects of Google Buzz in the wake of this public protest and most recently you asked all users to reconfirm their privacy settings, we remain extremely concerned about how a product with such significant privacy issues was launched in the first place.
“We would have expected a company of your stature to set a better example. Launching a product in ‘beta' form is not a substitute for ensuring that new services comply with fair information principles before they are introduced.”
It claimed that it is unacceptable to roll out a product ‘that unilaterally renders personal information public, with the intention of repairing problems later as they arise', and said that ‘privacy cannot be sidelined in the rush to introduce new technologies to online audiences around the world'.
It called on Google to ‘incorporate fundamental privacy principles directly into the design of new online services', and at a minimum it should:
- Collect and process only the minimum amount of personal information necessary to achieve the identified purpose of the product or service
- Provide clear and unambiguous information about how personal information will be used to allow users to provide informed consent
- Create privacy-protective default settings
- Ensure that privacy control settings are prominent and easy to use
- Ensure that all personal data is adequately protected
- Give people simple procedures for deleting their accounts and honour their requests in a timely way.
It concluded by claiming that it expects all organisations to comply with relevant data protection and privacy laws, and encouraged organisations to engage with data protection authorities when developing services with significant implications for privacy.
The letter said: “As your users made clear to you in the hours and days after the launch of Google Buzz, privacy is a fundamental right that people value deeply. As regulators responsible for promoting and overseeing compliance with data protection and privacy laws, we hope that you will learn from this experience as you design and develop new products and services.”
Google responded in a statement that it had nothing to add. It said: “We try very hard to be upfront about the data we collect, and how we use it, as well as to build meaningful controls into our products.
“Of course we do not get everything 100 per cent right - that is why we acted so quickly on Buzz following the user feedback we received. We have discussed all these issues publicly many times before.”