Google and other online companies need to stop "willfully" disregarding privacy laws in many countries when rolling out new products or privacy policies, or they may face fines and other sanctions, data protection commissioners from 10 countries said Tuesday.
The government regulators, from Canada, France, Germany and other countries, focused their warnings on Google and the launch of its Buzz social networking service in February. The 10 data protection regulators sent a letter to Google CEO Eric Schmidt, saying the launch of Buzz came with a "disappointing disregard for fundamental privacy norms and laws."
Internet-based companies should see the letter as a final warning before data protection regulators begin to take action against violations of privacy law, said Jacob Kohnstamm, chairman of the College Bescherming Persoonsgegevens in the Netherlands. "We won't hesitate to use our powers to enforce the fundamental right to privacy, if and when this last warning seems to be ignored," he said at a press conference.
The letter sent to Google represents the first time so many data protection regulators have worked together to attempt to enforce privacy rules, said Jennifer Stoddart, privacy commissioner of Canada. Internet users and companies should expect more joint actions, she added.
In the original public version of Buzz, launched in February, the program compiled a list of the Gmail contacts the users most frequently e-mailed or chatted with and automatically started following those people. Those lists were made public, giving strangers access to the contacts of Buzz users.
There were a flurry of complaints from Gmail users, and Google made changes to Buzz within a couple of days. Google officials said they tested Buzz on employees, but outside users reacted much differently to the default settings.
A Google spokesman said the company has launched several privacy tools in recent months, including Google Dashboard and Ads Preferences Manager, to give users control over their data.
"We try very hard to be up front about the data we collect, and how we use it, as well as to build meaningful controls into our products," he said. "Of course we do not get everything 100 percent right -- that is why we acted so quickly on Buzz following the user feedback we received. We have discussed all these issues publicly many times before and have nothing to add to today's letter -- instead we are focused on launching our new transparency tool which we are very excited about."
Google on Tuesday announced it was launching a government transparency tool that shows users what types of user information governments are requesting from Google. Eight of the 10 countries that sent the privacy letter to Google made at least 30 requests for Google to release information about individual users in the second half of 2009.
The U.K., which signed on to the privacy letter, made more than 1,150 requests for information on Google users during the six-month period. France, Italy and Germany each made more than 450 requests for information about Google users during that time period.
Still, the privacy commissioners said Google's launch of Buzz and some other products has lacked an appropriate focus on privacy.
"It is unacceptable to roll out a product that unilaterally renders personal information public, with the intention of repairing problems later as they arise. Privacy cannot be sidelined in the rush to introduce new technologies to online audiences around the world," the letter said.
Google has also "ignored" privacy concerns when it rolled out its Street View product and other products, said Artemi Rallo Lombarte, director of Agencia Española de Protección de Datos in Spain. Internet companies need to stop the "habitual" launch of products before they fully consider the privacy implications, he said.
"Many of these companies publicly say they're committed to privacy rights ... but this appears to be a marketing strategy rather than a true and real commitment," Lombarte said.
The group of privacy commissioners called on Google and other online companies to collect the minimum amount of information necessary, to provide privacy control settings that are easy to use and to allow users to easily delete their accounts.