Well, Google has egg on its face over privacy issues stemming from the launch of its Buzz social networking service. How serious is the problem? Just “housekeeping,” according to Google, where the company line, given by Google Canada spokesperson Wendy Rozeluk, is: “We’ll be making significant (Buzz) product improvements over the next few days based on user feedback. The user always comes first.”
Buzz product manager Todd Jackson tried to explain the situation as new product growing pains.
“We’ve been testing Buzz internally at Google for a while,” Jackson said. “Of course, getting feedback from 20,000 Googlers isn’t quite the same as letting Gmail users play with Buzz in the wild.”
Okay, let’s get this straight. Google depends on its users to vet the adequacy of its privacy protection and controls? Because ultimately that’s what Google, after testing the service internally only, and okaying its release without real-world testing or consultation with the Canadian Privacy Commissioner’s Office, is telling us: “WE tested it, WE felt it was okay. But after the fact, if users or the Privacy Commissioner tell us it isn’t, hey, don’t worry, we’ll fix it fast because the user always comes first.”
Worryingly, Google responded to questions from the U.S. trade press about its lack of a Chief Privacy Officer, or indeed any top executive charged with privacy, by saying that “rather than having a single, isolated privacy department, we embed the importance of privacy into our products and systems from engineers through executives, guided by trained privacy professionals.”
I say worryingly, because what’s being exposed here is a lack of privacy discipline and process within Google. This isn’t a case of mistakes slipping through the system, it’s a case of not having an adequate system to begin with. Google’s “embedded importance of privacy from engineers through executives and trained privacy professionals” approved what the company was doing with Buzz. And with all the same people and “embedded importance of privacy” still there, there’s obviously nothing in terms of formal policy baked into product development at Google to prevent something like this from happening again. Google really just doesn’t get it.
Privacy isn’t necessarily something that’s hard to avoid getting into trouble with your users over — if you’re serious about it. Like all things in IT, when things are serious, policy starts getting laid down. So I say to Google, instead of telling us about your “embedded importance of privacy,” show us some policy and maybe we’ll all start believing this won’t happen again.