A global coalition of 10 privacy regulators is chiding Google for taking a lackluster approach to protecting its users’ privacy, singling out the recent launch of the Buzz social networking service as the latest in a string of product rollouts in which the company appeared to treat privacy as an afterthought.
Led by Canadian Privacy Commissioner Jennifer Stoddart, the officials have delivered a letter to Google CEO Eric Schmidt that asks the company to scale down the amount of data it collects about its users and provide more transparent notice about how that information will be used.
“We are increasingly concerned that, too often, the privacy rights of the world’s citizens are being forgotten as Google rolls out new technological applications,” they wrote.
With Buzz, Google was looking to give its Gmail service a social-networking overlay, surfacing connections based on the people with who users wrote and instant-messaged most frequently. But under the default settings, people’s private connections could be made public, sparking outrage from some users and members of the privacy community.
Google moved quickly to implement a series of updates to tighten up the sharing settings on Buzz. But for critics, that cycle only reinforced a troubling pattern of releases that overstep on the privacy front, followed by a groundswell of protest and then, eventually, changes to the product’s settings that they argue should have been included in the initial rollout.
“We remain extremely concerned about how a product with such significant privacy issues was launched in the first place,” the regulators wrote. “We would have expected a company of your stature to set a better example.”
They cited the international rollout of Street View as another instance when Google had to tweak the product to address privacy concerns and certain countries’ data-protection laws.
In addition to capping its data-collection apparatus at the minimum amount of information necessary, the regulators asked Google to ensure that opt-out mechanisms are prominently displayed and intuitive, and to include strong privacy protections in the default settings of new products.
Responding to the letter, Google called attention to the recent initiatives it has launched to provide users with more insight into how their information is collected and options for controlling how it is used. Those efforts include Google’s privacy dashboard, the Ads Preferences Manager and the Data Liberation Front, an engineering division that offers users the ability to manipulate how their information is used across Google’s product lines.
“We try very hard to be upfront about the data we collect, and how we use it, as well as to build meaningful controls into our products,” a Google spokesman told InternetNews.com. “Of course, we do not get everything 100 percent right — that is why we acted so quickly on Buzz following the user feedback we received.”
Stoddart last year headed up a lengthy investigation of Facebook’s privacy practices, which ultimately prompted the company to update its data-collection policies in August. Then in January, responding to a fresh complaint about Facebook’s site-wide privacy overhaul, Stoddart opened a new probe of the company.
Joining Stoddart as signatories of the letter were the chief privacy regulators of France, Germany, Israel, Italy, Ireland, Netherlands, New Zealand, Spain and the United Kingdom.
In the United States, a group of lawmakers has called on the Federal Trade Commission to open a probe into Google Buzz, echoing the complaint filed in February by the Electronic Privacy Information Center, a prominent privacy rights group.