Canada (and everyone else) to Google: You Suck

For anyone who’s not familiar with the huge privacy kerfuffle involving the launch of Google Buzz in February, here’s the basic timeline:

Feb. 9: Google Buzz launches
Five minutes later: Someone notices a major privacy flaw.
Ten minutes later: The world promptly freaks out.

Feb. 11: Google makes a small change that doesn’t go far enough (basically making it easier to opt out of the problematic feature).
Five minutes later: Everyone still freaking out.

Feb. 13: Google finally fixes it by making the feature opt in.

The speed at which this happened was actually kind of impressive for such a huge company; four days is pretty darn good compared to the three weeks or so that it took Facebook to deal with the outcry over Beacon. But people were still really pissed off, perhaps because in some cases the damage may have already been done – like the much discussed blog post from a woman for whom Google Buzz may have revealed information to her abusive ex-husband. Here’s a good overview of the privacy problems that popped up after launch.

And now Google has been officially (and publicly) scolded by some government officials in a number of countries. The Privacy Commissioner of Canada sent a letter to CEO Eric Schmidt. It was also signed by data protection authorities in France, Germany, Israel, Italy, Ireland, Netherlands, New Zealand, Spain and the United Kingdom. They’re making some serious demands, that as a company entrusted with people’s privacy information, Google should “incorporate fundamental privacy principles directly into the design of new online services.” They even enumerated some suggestions:

  • collecting and processing only the minimum amount of personal information necessary to achieve the identified purpose of the product or service;
  • providing clear and unambiguous information about how personal information will be used to allow users to provide informed consent;
  • creating privacy-protective default settings;
  • ensuring that privacy control settings are prominent and easy to use;
  • ensuring that all personal data is adequately protected, and
  • giving people simple procedures for deleting their accounts and honouring their requests in a timely way.

So what do you think, are these good guidelines? Are you worried about features that Google might roll out in the future, or do you think that they learned their lesson? And for those of you who use Buzz, did the information-sharing actually affect or bother you?