A new report claims Google has an entrenched hostility to privacy. Does the search giant need a Chief Privacy Officer?
With the recent release of the innovative Street View feature to its mapping service, Google has one-upped the competition with a clever gimmick that lets you view an image of your destination just as if you were driving past it at street level.
To achieve this effect, Google hired a van full of cameras to drive around several U.S. cities and take pictures of nearly every streetscape.
While we may not know exactly which day each picture was taken, for some number of unlucky individuals who found themselves captured in the photo sweep, the day of the photo shoot will hereafter be known as the day Google caught me picking my nose
or scratching their butt, or breaking-and-entering, or urinating on a roadside, to name just a few of the activities captured.
Quite coincidentally, at almost the very same moment that residents and visitors to those three cities scanned the images looking to see if Google had captured their previously ephemeral moments of private shame, a privacy watchdog organization in the United Kingdom was preparing to issue a report claiming Google has an entrenched hostility to privacy and is winning the race to the bottom on privacy.
In its report, Privacy International outlined many of Googles ongoing privacy controversies and highlighted its growing size and dominance in the search engine and advertising industries as adding to the privacy threat it poses.
The report also noted that the company's privacy policies are often vague and "possibly deceptive," and that Google has a poor track record of responding to privacy concerns or seeking the input of privacy experts before introducing services.
Naturally, Google responded with outrage, with one of the companys lawyers claiming that Privacy Internationals report was based on numerous inaccuracies and misunderstandings about Googles services.
Meanwhile, in another corner of the Google PR department, the company was denying that the new Street View service raised any privacy issues!
Yes, from a general legal perspective, photographs taken on a public street may not violate any established privacy protections under statute or common law. But the technical legal question is irrelevant to the larger issue: when someone can look on Google and see themselves drinking a cup of coffee at Starbucks, they tend to get freaked out.
This apparent failure to take into consideration the privacy expectations of end-users is systemic, according to Privacy International. "Techniques and technologies (are) frequently rolled out without adequate public consultation (e.g. Street level view), the report said.
Not true, a Google spokesperson replied, We tried to balance offering a strong, useful product for users with the privacy implications of it."
Yet, how they attempted to achieve that balance is unclear.
For example, the Street View service requires a complex set of algorithms to stitch together the multiple photographs. It also appears that the system adjusts images to compensate for different angles, the glare of the sun, and other challenges.
But if Google used any sophisticated technologies to enhance the privacy of those people captured in the images -- such as using facial recognition to automatically blur faces of people on the street -- theyre being very quiet about it.
With this latest controversy, many people have taken this opportunity to repeat a call I have made nearly every day since the beginning of this century: Google needs a privacy officer.
In a posting on his SearchEngineLand.com blog
, search expert Danny Sullivan said,
I'd like to see Google appoint a privacy czar, someone charged with...assuming the worst about the company and diligently working to ensure users have as much protection as possible."
Similarly, privacy advocate Lauren Weinstein posted on his blog a call for what he termed an At-Large Public Ombudsman at Google, to help them address their ongoing privacy issues and other public policy concerns.
What both of these commentators describe is the essence of a Chief Privacy Officer (CPO). Its someone who minds the store on privacy matters in a proactive way, moving easily between technical, marketing, strategic, and legal matters, and making sure the hard questions are asked (and answered) long before products launch.
At many large consumer-facing companies the CPO heads a team of privacy professionals who become a central resource for executives and front-line personnel alike, across the entire company, across all business units and at all levels of the organization.
When I created the first corporate CPO position and built one of the first dedicated corporate privacy teams back during the dotcom boom days, some people scoffed at whether a dedicated privacy person (much less a whole team) was really necessary. Yet one need only look at the evolution of the industry over the last decade to see that the need for a CPO role and/or team at many organizations has been proven beyond any shadow of doubt.
My work in evangelizing the importance of the CPO role led me to a fascinating meeting at Google back in about 2001. I was told that they were hiring a lawyer to work on privacy matters, but I was somewhat surprised that they defined that "privacy" role as mostly limited to responding to subpoenas and other similar procedural matters.
When I inquired about how they were intending to address the bigger privacy issues that were already starting to nip at their heels, I was told that privacy was so deeply engrained in the corporate ethos that they really didn't see the need for a role like a Chief Privacy Officer.
Apparently they still don't. I walked away from the meeting shaking my head, knowing then that privacy was going to be an ongoing headache for Google.
The last six years have proven me right: with almost every major product/service release, glaring privacy issues have been evident and the company always seems shocked and surprised that anybody raises the issue. Yet each time, it's clear that stuff is going out the door without any evidence of serious attention to, or mitigation of, those glaring problems.
While I hope that Google finally heeds these public calls to get serious about managing their privacy problems, I still have significant doubts.
When I was evangelizing privacy management to executives at Google back in 2001, and again in 2004, the indifference with which my efforts were met told me that privacy at Google was evolving from a blind spot into an elephant in the room.
Today, I fear that addressing this serious deficiency in their privacy process would require Googles executives to admit that they'd gotten this one fundamentally wrong. Unfortunately, the hubris that led Google into this blind alley will probably prevent them from escaping it anytime soon.
While that is good news for Googles competitors, its bad news for all of us whose privacy rests in Googles hands.