Privacy group swats Google Buzz

Australian Privacy Foundation says new social networking tool may share a little more than you might wish

Google Buzz has come under heavy criticism from the Australian Privacy Foundation, which believes the new social networking tool has major privacy flaws.

Speaking to Computerworld AustraliaAPF chair, Dr Robert Clarke, said the automatic roll out of the tool to Gmail users, and its automatic addition of followers based on email usage, was of concern.

“Personal data about them has been re-purposed without formal notice to them, and without consent,” Clarke said. “Specifically, each Gmail subscriber's associations with 'other people' are being disclosed to other 'other people'. This is quite possibly illegal use and disclosure of personal data without consent.”

Clarke said the approach to user privacy was “amazingly naïve” for a corporation that professed to "know a lot about you".

“People don't have a single identity, and they don't have a single network of contacts. They have multiple identities, and different sets of contact networks associated with each of them,” he said. “For many people it's an unhelpful jumbling of networks, for others it's an unwanted intrusion, and for others it's threatening".

Launched this week Buzz is touted as holding the promise of addressing one of the major failings of social networking apps to date: Filtering out the gushing torrent of inanities flowing from people who are, in effect, complete strangers.

Google is pitching Buzz, accessible from within Gmail, as a new way to share updates, photos, videos, among other things and a way to start conversations about the topics of interest to users.

According to Google’s Buzz privacy policy users of the tool may have information recorded about their use of the product, such as the posts they like or comment on and the other users with whom they communicate, in order to provide “a better experience on Buzz and other Google services and to improve the quality of Google services”.

“Your name, photo, and the list of people you follow and people following you will be displayed on your Google profile, which is publicly searchable on the Web,” the policy reads.

“If you are following someone who publicly displays their list of followers on their Google profile, then you will appear on that person's public list. Likewise, if someone is following you and displays the list of people they follow on their profile, then you will appear on that public list.”

On top of effectively taking a Gmail user’s address book and making it public, Buzz also collects the location data of users running the tool on a mobile device.

“A further aspect of potentially very serious concern is the statement in the Privacy Policy that ‘your location will be collected by Google and displayed to other users, as described when you first attempt to use Buzz on a mobile device’,” Clarke said. “This implies that location-display may be opt-out, not consent-based. And of course the personal data in this case is potentially highly-sensitive, from a personal safety perspective.”

Clarke added that while Gmail users may have technically consented to the sharing of their personal information when first signing up to Gmail, the spirit of end-user privacy was not being respected.

“There may be some lawyers' weasel-words somewhere in the labyrinth of Policies, FAQs, Blog posts and Principles web-pages… [but] those weasel-words abjectly fail the crucial characteristics of consent, which are that it be informed, and freely-given,” he said.

“Despite longstanding attempts by US corporations and the US FTC, 'opt-out' is not consent, and can never be consent.”

In January, Google released its Privacy Principles in a bid to reassure users over the way the Internet giant collects, stores, uses, and shares their data.

Join the Computerworld newsletter!

Error: Please check your email address.

Tags google buzzsocial networksAustralian Privacy Foundation (APF)privacy

More about FTCGooglePrivacy Foundation

Comments

Comments are now closed

UK plans Australia-style data retention regime

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]