10 Data Protection Regulators Issue Letter to Google

This post was written by Alysa Zeltzer Hutnik.

On April 19, 2010, data protection authorities from Canada, France, Germany, Ireland, Israel, Italy, Netherlands, New Zealand, Spain, and the United Kingdom sent a letter to Google indicating their disappointment and concern related to Google's privacy practices. The letter called out the Google Buzz social networking application stating that it "violated the fundamental principle that individuals should be able to control the use of their personal information," and noted that privacy concerns were previously raised with the launch of Google Street View.

The groups commented: "Privacy cannot be sidelined in the rush to introduce new technologies to online audiences around the world." Lastly, the groups urged Google to incorporate fundamental privacy principles into the design of its online services including:

  • Collect and process only the minimum amount of personal information necessary to achieve the identified purpose of the product or service;
  • Provide clear and unambiguous information about how personal information will be used to allow users to provide informed consent;
  • Create and apply default settings that are privacy-protective;
  • Ensure that privacy control settings are prominent and easy to use;
  • Ensure that all personal data is adequately protected, and
  • Provide simple procedures to delete accounts and honor these requests in a timely manner.
Members from Canada, France, Israel, Netherlands, and Spain will hold a press conference in Washington, D.C. today to address the initiative. As a practical matter, businesses should consider these concerns and recommendations when launching new online services and applications.