Data protection authorities from ten countries blasted Google’s privacy practices on Tuesday and warned they may take action to sanction the Internet giant.
In a letter to Google CEO Eric Schmidt, the “unprecedented” coalition of privacy czars from Europe, Canada and Israel described the surprise conversion of Google’s private email service to a public social networking service without informing users as a violation of “the fundamental principle that individuals should be able to control the use of their personal information.”
The letter demands:
We therefore call on you, like all organizations entrusted with people’s personal information, to incorporate fundamental privacy principles directly into the design of new online services. That means, at a minimum:
- collecting and processing only the minimum amount of personal information necessary to achieve the identified purpose of the product or service;
- providing clear and unambiguous information about how personal information will be used to allow users to provide informed consent;
- creating privacy-protective default settings;
- ensuring that privacy control settings are prominent and easy to use;
- ensuring that all personal data is adequately protected, and
- giving people simple procedures for deleting their accounts and honouring their requests in a timely way.
Google’s “commitment to privacy appears to be a marketing strategy rather than a commitment,” said Artemi Rallo Lombarte, Spain’s privacy czar, at Washington press conference. “The rules are known to this multinational. It’s not the first time,” Lombarte said, recalling the earlier rollout of Google Street View in Europe. The new product prompted a surge of complaints regarding the depiction of people who had not given permission for use of their pictures and charges that Google was not in compliance with local laws. Google later blurred the faces of people appearing in Street View.
Instead of complying with privacy rules before a product rollout, Lombarte charged that Google and Facebook have a “habitual” practice of trial and error to gauge response from regulators and privacy advocates (FYI Recall that Schmidt said in 2009, “if you have something you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”
France’s Yann Padova, speaking via video link, noted that the privacy issue is broader than Google but stressed that “as the leader Google should set an example.”
Yoram Hacohen, head of the Israeli Law Information and Technology Authority, called on Google to reveal what went wrong in the development of Buzz. “Privacy should be part of the DNA of an organization,” he said.
Jacob Kohnstamm, head of the Dutch Data Protection Authority and chairman of the joint conference of European Union data protection authorities, called the letter a “last warning.”
Canadian privacy commissioner Jennifer Stoddart said the group is awaiting an answer and that if the warning is ignored the countries have a variety of enforcement tools, including investigation, audits, and fines.
“We have seen this happen a couple of times. This cannot go on,” Stoddart said. “We want to get a strong message out.”
The officials said the ten countries, which have never acted in concert on privacy issues before, have a combined population of 375 million.
Tue, Apr 20, 2010 at 7:19 pm