Global privacy leaders to Google: We hope Buzz taught you a lesson
Google Buzz should not have changed Gmail to such an extent that its existing users found themselves sharing personal information on a social network without their consent. That's the message sent in a letter to Google CEO Eric Schmidt yesterday, made public today by Canada's Privacy Commissioner, Jennifer Stoddart.
In that letter, Stoddart and her counterparts from nine countries asked Google to provide them with a report about the lessons the company has learned from the Buzz experience, and how those lessons will improve the way Google rolls out products in the future.
"It is unacceptable to roll out a product that unilaterally renders personal information public, with the intention of repairing problems later as they arise. Privacy cannot be sidelined in the rush to introduce new technologies to online audiences around the world," wrote the privacy regulators for Canada, France, Germany, Ireland, Israel, Italy, the Netherlands, New Zealand, Spain, and the United Kingdom (PDF available here). "Unfortunately, Google Buzz is not an isolated case. Google Street View was launched in some countries without due consideration of privacy and data protection laws and cultural norms. In that instance, you addressed privacy concerns related to such matters as the retention of unblurred facial images only after the fact, and there is continued concern about the adequacy of the information you provide before the images are captured."
Although the United States does not have a specifically defined "commissioner of privacy," the Federal Trade Commission does oversee privacy issues. Its statement on the matter came last month from outgoing Commissioner (now retired) Pamela Jones Harbour, whose message before a global privacy roundtable in Barcelona (PDF available here) was not without venom:
Think about it: when Gmail first emerged, social networking was barely even a reality. When consumers, especially early adopters, created their Gmail accounts, their expectations did not include social networking. In my view, therefore, a reasonable consumer would consider the initial opt-in of Buzz to be a material change in her relationship with Google. Consumers, not companies, should exercise the ultimate decision on whether they want to sign up for new "features" that might expose additional data.
I am especially concerned that technology companies are learning harmful lessons from each other's attempts to push the privacy envelope. Of course, providing new features to users, and making the user experience more enjoyable, are excellent goals. These efforts may win new users while also building additional loyalty in existing users. But even the most respected and popular online companies -- the ones who claim to respect privacy -- continue to launch products where their guiding privacy principle appears to be, "Throw it against the wall, see if it sticks -- and if not, we can always pull it back." Deeds speak louder than words, and this is turning into a dangerous game of "copycat" behavior. And unlike a lot of tech products, consumer privacy cannot be run in beta. Once data are shared, control is lost forever. In the extreme, it is only a matter of time before one might imagine the introduction of new "features" that incorporate, for example, genomic information, or data from personal health records. The privacy stakes will only get higher.
Google does not show any signs of pulling Buzz back, having implemented one new privacy provision earlier this month: giving existing Buzz users a second chance to choose which other members are on their friends list. In Buzz's initial rollout, the system selected new friends on members' behalf after first perusing their list of most common Gmail recipients. New members could override those choices, but that override was not very intuitive. As a result, many new members ended up publishing their frequent Gmail contacts as "friends," to be seen by other Buzz members, even though those contacts may have been less than friends...or more than friends.
Although Buzz product manager Todd Jackson's message last April 5 remained apologetic on behalf of the company's first attempt, he maintained Google's "stick-to-it-iveness" with regard to the principle that the establishment of one's new social network can be an automatic thing.
"Shortly after launching Google Buzz, we quickly realized we didn't get everything right and moved as fast as possible to improve the Buzz experience. We made a number of changes to the getting started experience based on your feedback, the most significant of which was replacing auto-following with suggestions for people to follow," Jackson wrote. "Rather than automatically setting you up to follow the people you e-mail and chat with most, Google Buzz now suggests people for you to follow instead. This way, Buzz is still simple to set up (no one wants to peck out an entire social network from scratch) but you aren't set up to follow anyone until you choose to do so."
It's that notion that "no one wants to peck out her social network" that still draws the ire of privacy regulators, including Stoddart, who believe it should be obvious that no one wants their social network to suddenly appear out of the blue, fully formed, for the world to see and disseminate.
In essence, you took Google Mail (Gmail), a private, one-to-one Web-based e-mail service, and converted it into a social networking service, raising concern among users that their personal information was being disclosed. Google automatically assigned users a network of "followers" from among people with whom they corresponded most often on Gmail, without adequately informing Gmail users about how this new service would work or providing sufficient information to permit informed consent decisions. This violated the fundamental principle that individuals should be able to control the use of their personal information.
Users instantly recognized the threat to their privacy and the security of their personal information, and were understandably outraged. To your credit, Google apologized and moved quickly to stem the damage.
While your company addressed the most privacy-intrusive aspects of Google Buzz in the wake of this public protest and most recently (April 5, 2010) you asked all users to reconfirm their privacy settings, we remain extremely concerned about how a product with such significant privacy issues was launched in the first place. We would have expected a company of your stature to set a better example. Launching a product in "beta" form is not a substitute for ensuring that new services comply with fair information principles before they are introduced.